RHSA-2026:3925
Vulnerability from csaf_redhat - Published: 2026-03-05 15:35 - Updated: 2026-03-18 03:19

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New images are available for Red Hat build of Keycloak 26.2.14 and Red Hat build of Keycloak 26.2.14 Operator, running on OpenShift Container Platform",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\nRed Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.2.14 clusters.\nThis erratum releases new images for Red Hat build of Keycloak 26.2.14 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3925",
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3925.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Images Update",
"tracking": {
"current_release_date": "2026-03-18T03:19:01+00:00",
"generator": {
"date": "2026-03-18T03:19:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3925",
"initial_release_date": "2026-03-05T15:35:42+00:00",
"revision_history": [
{
"date": "2026-03-05T15:35:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T15:35:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:19:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.2",
"product": {
"name": "Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product_id": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product_id": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product_id": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product_id": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product": {
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product_id": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-operator-bundle\u0026tag=26.2.14-1"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64"
},
"product_reference": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. Keycloak\u0027s Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue is rated as important severity. A flaw in Red Hat Build of Keycloak\u0027s SAML broker endpoint allows unauthorized access. When the overall SAML response is not signed, an attacker with a valid signed SAML assertion can craft a malicious response to inject an encrypted assertion for an arbitrary principal. This leads to unauthorized access and potential information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"acknowledgments": [
{
"names": [
"Reynaldo Immanuel",
"Joy Gilbert"
]
}
],
"cve": "CVE-2026-2603",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This important flaw in Red Hat Build of Keycloak allows a remote attacker to bypass security controls. A disabled SAML Identity Provider can still be exploited for unauthorized authentication via IdP-initiated broker logins if the SAML protocol endpoint is reachable and the attacker knows the broker URL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.