Package Instance

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/releases/tag/25.0.6

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/releases/tag/25.0.6

reference_url

https://access.redhat.com/security/cve/CVE-2024-8698

reference_id

CVE-2024-8698

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2024-8698

reference_url

reference_id

CVE-2024-8698

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-4xx7-2cx3-x473

reference_url

reference_id

GHSA-4xx7-2cx3-x473

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4xx7-2cx3-x473

fixed_packages

url pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

purl pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5gut-s9z6-u3gs

vulnerability	VCID-wwh9-7awg-h7g6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

aliases GHSA-4xx7-2cx3-x473

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dtv-nmku-qfd8

url VCID-4whe-byzu-uber

vulnerability_id VCID-4whe-byzu-uber

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3827

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43492
published_at	2026-06-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43316
published_at	2026-06-11T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43483
published_at	2026-06-14T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43473
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3827

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2007512

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2007512

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d

reference_url

https://security.archlinux.org/AVG-1332

reference_id

AVG-1332

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1332

reference_url

https://access.redhat.com/security/cve/CVE-2021-3827

reference_id

CVE-2021-3827

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3827

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3827

reference_id

CVE-2021-3827

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3827

reference_url

https://github.com/advisories/GHSA-4pc7-vqv5-5r3v

reference_id

GHSA-4pc7-vqv5-5r3v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4pc7-vqv5-5r3v

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v

reference_id

GHSA-4pc7-vqv5-5r3v

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v

reference_url	https://access.redhat.com/errata/RHSA-2022:0151
reference_id	RHSA-2022:0151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0151

reference_url	https://access.redhat.com/errata/RHSA-2022:0152
reference_id	RHSA-2022:0152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0152

reference_url	https://access.redhat.com/errata/RHSA-2022:0155
reference_id	RHSA-2022:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0155

reference_url	https://access.redhat.com/errata/RHSA-2022:0164
reference_id	RHSA-2022:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0164

fixed_packages

url pkg:maven/org.keycloak/keycloak-saml-core@18.0.0

purl pkg:maven/org.keycloak/keycloak-saml-core@18.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3dtv-nmku-qfd8

vulnerability	VCID-5gut-s9z6-u3gs

vulnerability	VCID-w4u4-5ugf-r3fp

vulnerability	VCID-wwh9-7awg-h7g6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@18.0.0

aliases CVE-2021-3827, GHSA-4pc7-vqv5-5r3v, GMS-2022-1098

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4whe-byzu-uber

url VCID-5gut-s9z6-u3gs

vulnerability_id VCID-5gut-s9z6-u3gs

summary A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2092

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28328
published_at	2026-06-14T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28116
published_at	2026-06-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28312
published_at	2026-06-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28337
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2092

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2092

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2092

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id	cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

https://access.redhat.com/security/cve/CVE-2026-2092

reference_id

CVE-2026-2092

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

https://access.redhat.com/security/cve/CVE-2026-2092

reference_url

https://github.com/advisories/GHSA-wmxr-6j5f-838p

reference_id

GHSA-wmxr-6j5f-838p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wmxr-6j5f-838p

reference_url

https://access.redhat.com/errata/RHSA-2026:3925

reference_id

RHSA-2026:3925

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3925

reference_url

https://access.redhat.com/errata/RHSA-2026:3926

reference_id

RHSA-2026:3926

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3926

reference_url

reference_id

RHSA-2026:3947

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

reference_url

reference_id

RHSA-2026:3948

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2437296

reference_url

reference_id

show_bug.cgi?id=2437296

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2437296

fixed_packages

url	pkg:maven/org.keycloak/keycloak-saml-core@26.2.14
purl	pkg:maven/org.keycloak/keycloak-saml-core@26.2.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@26.2.14

url	pkg:maven/org.keycloak/keycloak-saml-core@26.4.10
purl	pkg:maven/org.keycloak/keycloak-saml-core@26.4.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@26.4.10

url	pkg:maven/org.keycloak/keycloak-saml-core@26.5.5
purl	pkg:maven/org.keycloak/keycloak-saml-core@26.5.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@26.5.5

aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs

url VCID-w4u4-5ugf-r3fp

vulnerability_id VCID-w4u4-5ugf-r3fp

summary A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8698.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8698

reference_id

reference_type

scores

value	0.82215
scoring_system	epss
scoring_elements	0.99242
published_at	2026-06-14T12:55:00Z

value	0.82215
scoring_system	epss
scoring_elements	0.99243
published_at	2026-06-13T12:55:00Z

value	0.82215
scoring_system	epss
scoring_elements	0.9924
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8698

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/releases/tag/25.0.6

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/releases/tag/25.0.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id	cpe:/a:redhat:build_keycloak:22
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id	cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id	cpe:/a:redhat:build_keycloak:24
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id	cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id	cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8

reference_url

https://access.redhat.com/security/cve/CVE-2024-8698

reference_id

CVE-2024-8698

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/security/cve/CVE-2024-8698

reference_url

reference_id

CVE-2024-8698

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xgfv-xpx8-qhcr

reference_url

reference_id

GHSA-xgfv-xpx8-qhcr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xgfv-xpx8-qhcr

reference_url

https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr

reference_id

GHSA-xgfv-xpx8-qhcr

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr

reference_url

https://access.redhat.com/errata/RHSA-2024:6878

reference_id

RHSA-2024:6878

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6878

reference_url

https://access.redhat.com/errata/RHSA-2024:6879

reference_id

RHSA-2024:6879

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6879

reference_url

https://access.redhat.com/errata/RHSA-2024:6880

reference_id

RHSA-2024:6880

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6880

reference_url

https://access.redhat.com/errata/RHSA-2024:6882

reference_id

RHSA-2024:6882

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6882

reference_url

https://access.redhat.com/errata/RHSA-2024:6886

reference_id

RHSA-2024:6886

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6886

reference_url

https://access.redhat.com/errata/RHSA-2024:6887

reference_id

RHSA-2024:6887

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6887

reference_url

https://access.redhat.com/errata/RHSA-2024:6888

reference_id

RHSA-2024:6888

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6888

reference_url

https://access.redhat.com/errata/RHSA-2024:6889

reference_id

RHSA-2024:6889

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6889

reference_url

https://access.redhat.com/errata/RHSA-2024:6890

reference_id

RHSA-2024:6890

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:6890

reference_url

https://access.redhat.com/errata/RHSA-2024:8823

reference_id

RHSA-2024:8823

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:8823

reference_url

https://access.redhat.com/errata/RHSA-2024:8824

reference_id

RHSA-2024:8824

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:8824

reference_url

https://access.redhat.com/errata/RHSA-2024:8826

reference_id

RHSA-2024:8826

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://access.redhat.com/errata/RHSA-2024:8826

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2311641

reference_id

show_bug.cgi?id=2311641

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T17:28:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2311641

fixed_packages

url	pkg:maven/org.keycloak/keycloak-saml-core@22.0.13
purl	pkg:maven/org.keycloak/keycloak-saml-core@22.0.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@22.0.13

url	pkg:maven/org.keycloak/keycloak-saml-core@24.0.8
purl	pkg:maven/org.keycloak/keycloak-saml-core@24.0.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@24.0.8

url pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

purl pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5gut-s9z6-u3gs

vulnerability	VCID-wwh9-7awg-h7g6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-saml-core@25.0.6

aliases CVE-2024-8698, GHSA-xgfv-xpx8-qhcr

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4u4-5ugf-r3fp

url VCID-wwh9-7awg-h7g6

vulnerability_id VCID-wwh9-7awg-h7g6

summary A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2575

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.09255
published_at	2026-06-14T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09211
published_at	2026-06-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09264
published_at	2026-06-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09265
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2575

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04

reference_url

https://github.com/keycloak/keycloak/issues/46372

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46372

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2575

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2575

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

https://access.redhat.com/security/cve/CVE-2026-2575

reference_id

CVE-2026-2575

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/

url

https://access.redhat.com/security/cve/CVE-2026-2575

reference_url

https://github.com/advisories/GHSA-xv6h-r36f-3gp5

reference_id

GHSA-xv6h-r36f-3gp5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xv6h-r36f-3gp5

reference_url

reference_id

RHSA-2026:3947

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/

url

reference_url

reference_id

RHSA-2026:3948

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/

url