Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Images Update
Red Hat has released updated container images for the Red Hat build of Keycloak 26. 4. 10 addressing multiple security vulnerabilities. These include several authentication bypass issues related to SAML identity providers and clients, improper validation of encrypted SAML assertions, a denial of service vulnerability via excessive SAMLRequest decompression, and a potential security control bypass through authorization header parsing. The update aligns with the standalone Keycloak product release and is intended for use within OpenShift Container Platform deployments. Users are advised to back up their existing installations before applying the update.
AI Analysis
Technical Summary
This advisory covers a set of security vulnerabilities in Red Hat's build of Keycloak 26.4.10, an integrated sign-on solution deployed as a containerized image on OpenShift. The vulnerabilities include authentication bypasses due to disabled SAML clients or identity providers (CVE-2026-3047, CVE-2026-3009, CVE-2026-2603), improper validation of encrypted SAML assertions (CVE-2026-2092), missing checks on disabled clients for Docker Registry protocol (CVE-2026-2733), denial of service via excessive SAMLRequest decompression (CVE-2026-2575), response delays from unchecked NotOnOrAfter timestamps in SAML SubjectConfirmationData (CVE-2026-1190), and potential security control bypass through authorization header parsing (CVE-2026-0707). Red Hat has released new container images that address these issues for on-premise or private cloud OpenShift deployments.
Potential Impact
The vulnerabilities collectively could allow attackers to bypass authentication mechanisms, gain unauthorized access, cause denial of service conditions, or bypass security controls within Keycloak deployments. This impacts the integrity and availability of authentication services managed by Keycloak in OpenShift environments. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated container images for Red Hat build of Keycloak 26.4.10 that address these vulnerabilities. Users should back up their existing installations, including applications, configuration files, and databases, before applying the update. Applying the updated images is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigations are specified beyond applying the update.
Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Images Update
Description
Red Hat has released updated container images for the Red Hat build of Keycloak 26. 4. 10 addressing multiple security vulnerabilities. These include several authentication bypass issues related to SAML identity providers and clients, improper validation of encrypted SAML assertions, a denial of service vulnerability via excessive SAMLRequest decompression, and a potential security control bypass through authorization header parsing. The update aligns with the standalone Keycloak product release and is intended for use within OpenShift Container Platform deployments. Users are advised to back up their existing installations before applying the update.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers a set of security vulnerabilities in Red Hat's build of Keycloak 26.4.10, an integrated sign-on solution deployed as a containerized image on OpenShift. The vulnerabilities include authentication bypasses due to disabled SAML clients or identity providers (CVE-2026-3047, CVE-2026-3009, CVE-2026-2603), improper validation of encrypted SAML assertions (CVE-2026-2092), missing checks on disabled clients for Docker Registry protocol (CVE-2026-2733), denial of service via excessive SAMLRequest decompression (CVE-2026-2575), response delays from unchecked NotOnOrAfter timestamps in SAML SubjectConfirmationData (CVE-2026-1190), and potential security control bypass through authorization header parsing (CVE-2026-0707). Red Hat has released new container images that address these issues for on-premise or private cloud OpenShift deployments.
Potential Impact
The vulnerabilities collectively could allow attackers to bypass authentication mechanisms, gain unauthorized access, cause denial of service conditions, or bypass security controls within Keycloak deployments. This impacts the integrity and availability of authentication services managed by Keycloak in OpenShift environments. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated container images for Red Hat build of Keycloak 26.4.10 that address these vulnerabilities. Users should back up their existing installations, including applications, configuration files, and databases, before applying the update. Applying the updated images is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigations are specified beyond applying the update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:3948
- Cve Count
- 8
- Additional Cves
- ["CVE-2026-1190","CVE-2026-2092","CVE-2026-2575","CVE-2026-2603","CVE-2026-2733","CVE-2026-3009","CVE-2026-3047"]
- Cvss Version
- null
Threat ID: 6a273212e29bf47b509c07fd
Added to database: 6/8/2026, 9:20:18 PM
Last enriched: 6/8/2026, 9:22:25 PM
Last updated: 6/8/2026, 10:23:03 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.