Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update
Red Hat has released an important security advisory for the Red Hat build of Keycloak 26.4.10 addressing multiple vulnerabilities. These include several authentication bypass issues related to disabled SAML clients and identity providers, improper validation of encrypted SAML assertions, denial of service via excessive SAMLRequest decompression, and potential security control bypass through authorization header parsing. The update fixes eight CVEs affecting authentication and authorization mechanisms in Keycloak. Users are advised to back up their installations before applying the update.
AI Analysis
Technical Summary
The Red Hat build of Keycloak 26.4.10 update addresses multiple security vulnerabilities in Keycloak, a standalone authentication and single sign-on server. These include authentication bypasses due to disabled SAML clients and identity providers (CVE-2026-3047, CVE-2026-3009, CVE-2026-2603), improper validation of encrypted SAML assertions leading to unauthorized access (CVE-2026-2092), missing checks on disabled clients for the Docker Registry Protocol (CVE-2026-2733), denial of service via excessive SAMLRequest decompression (CVE-2026-2575), response delays due to unchecked NotOnOrAfter timestamps in SAML SubjectConfirmationData (CVE-2026-1190), and potential security control bypass via authorization header parsing (CVE-2026-0707). Red Hat has issued an update to address these issues.
Potential Impact
These vulnerabilities collectively impact the authentication and authorization processes of Keycloak, potentially allowing unauthorized authentication, bypass of security controls, denial of service conditions, and improper handling of SAML assertions. Exploitation could undermine the integrity of single sign-on and identity brokering services provided by Keycloak, affecting the security posture of applications relying on it for authentication.
Mitigation Recommendations
Red Hat has released the Red Hat build of Keycloak 26.4.10, an updated version that addresses these vulnerabilities. Users should back up their existing installations, including applications, configuration files, and databases, before applying the update. Applying this update is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated beyond applying the official update.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2026:3947
- CVE Count: 8
- Additional CVEs: CVE-2026-1190, CVE-2026-2092, CVE-2026-2575, CVE-2026-2603, CVE-2026-2733, CVE-2026-3009, CVE-2026-3047
- CVSS Version: null
Threat ID: 6a273213e29bf47b509c0905
Added to database: 6/8/2026, 9:20:19 PM
Last enriched: 6/8/2026, 9:22:30 PM
Last updated: 6/8/2026, 10:23:03 PM