Keycloak Container: Update to 26.4.2 (MINDBREEZE34215)

ID: MINDBREEZE34215
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 8.2 High
Status: Final
First published: February 5, 2026
CVEs: CVE-2025-0604, CVE-2025-49146, CVE-2025-49574, CVE-2025-55163, CVE-2025-8916, CVE-2025-7962, CVE-2025-3501, CVE-2025-2559, CVE-2025-3910, CVE-2025-8419

Summary

CVE-2025-0604: Authentication Bypass Due to Missing LDAP Bind
CVE-2025-49146: PostgreSQL JDBC Driver Allows Unsupported Auth Methods
CVE-2025-49574: Quarkus Context Duplication Data Leak
CVE-2025-55163: Netty HTTP/2 MadeYouReset DDoS
CVE-2025-8916: Bouncy Castle PKIX Unbounded Resource Use
CVE-2025-7962: Jakarta Mail SMTP Injection via UTF-8 CRLF
CVE-2025-3501: Keycloak Skips Trust Store Verification
CVE-2025-2559: Keycloak JWT Cache OutOfMemory DoS
CVE-2025-3910: Keycloak Required Actions Bypass
CVE-2025-8419: Keycloak SMTP CRLF Injection

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

Mindbreeze InSpire 25.8 Release
Mindbreeze InSpire SaaS 25.8 Release

Keycloak Container: Update to 26.4.2 (MINDBREEZE34215)

Summary

Social Media

Security

Support

Newsletter

Language