Excessive Platform Resource Consumption within a Loop

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Excessive Platform Resource Consumption within a Loop via the scope parameter processing in the OpenID Connec...

EUVD-2026-18212

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

GHSA-H4WV-G838-66G3 Keycloak: Application-Level DoS via Scope Processing

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

CVE-2026-4634

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability that stems from sending a specially crafted POST request with an excessively long scope parameter to the OIDC token endpoint. This can lead to excessive resource...