org.keycloak:keycloak-saml-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.keycloak:keycloak-saml-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-8698 — CVSS 7.7 (high): A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether…
CVE-2026-2092 — CVSS 7.7 (high): A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted…
CVE-2026-7307 — CVSS 7.5 (high): A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup…
CVE-2021-3827 — CVSS 6.8 (medium): A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this…
CVE-2026-2575 — CVSS 5.3 (medium): A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a…