CVE-2026-3047 (GCVE-0-2026-3047)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:28 – Updated: 2026-03-06 18:13
Title
org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login
Summary
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
Severity
8.8 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
| URL | Tags |
|---|---|
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.2 | Unaffected: 26.2.14-1, < * (rpm) — cpe:/a:redhat:build_keycloak:26.2::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:13:06.967396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:13:14.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.14-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-16",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2.14",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.10-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4.10",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-05T11:24:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T02:36:29.782Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:3925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"name": "RHSA-2026:3926",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"name": "RHSA-2026:3947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"name": "RHSA-2026:3948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"name": "RHBZ#2441966",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-23T17:29:50.192Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-05T11:24:00.000Z",
"value": "Made public."
}
],
"title": "Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-3047",
"datePublished": "2026-03-05T18:28:36.337Z",
"dateReserved": "2026-02-23T17:30:53.926Z",
"dateUpdated": "2026-03-06T18:13:14.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-3047\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-03-05T19:16:18.383\",\"lastModified\":\"2026-03-05T20:16:17.137\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-305\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3925\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3926\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3947\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3948\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-3047\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2441966\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
RHSA-2026:3926
Vulnerability from csaf_redhat - Published: 2026-03-05 15:33 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Update
Notes
Topic
New Red Hat build of Keycloak 26.2.14 packages are available from the Customer Portal
Details
Red Hat build of Keycloak 26.2.14 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)
* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)
* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Keycloak 26.2.14 packages are available from the Customer Portal",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak 26.2.14 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3926",
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3926.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Update",
"tracking": {
"current_release_date": "2026-03-06T03:17:10+00:00",
"generator": {
"date": "2026-03-06T03:17:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3926",
"initial_release_date": "2026-03-05T15:33:39+00:00",
"revision_history": [
{
"date": "2026-03-05T15:33:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T15:33:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T03:17:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.2.14",
"product": {
"name": "Red Hat build of Keycloak 26.2.14",
"product_id": "Red Hat build of Keycloak 26.2.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.2.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:33:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.2.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.2.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"cve": "CVE-2026-2603",
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.2.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:33:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.2.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.2.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.2.14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:33:39+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.2.14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
"product_ids": [
"Red Hat build of Keycloak 26.2.14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.2.14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
RHSA-2026:3925
Vulnerability from csaf_redhat - Published: 2026-03-05 15:35 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Images Update
Notes
Topic
New images are available for Red Hat build of Keycloak 26.2.14 and Red Hat build of Keycloak 26.2.14 Operator, running on OpenShift Container Platform
Details
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.2.14 clusters.
This erratum releases new images for Red Hat build of Keycloak 26.2.14 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security fixes:
* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)
* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)
* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New images are available for Red Hat build of Keycloak 26.2.14 and Red Hat build of Keycloak 26.2.14 Operator, running on OpenShift Container Platform",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\nRed Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.2.14 clusters.\nThis erratum releases new images for Red Hat build of Keycloak 26.2.14 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3925",
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3925.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Images Update",
"tracking": {
"current_release_date": "2026-03-06T03:17:07+00:00",
"generator": {
"date": "2026-03-06T03:17:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3925",
"initial_release_date": "2026-03-05T15:35:42+00:00",
"revision_history": [
{
"date": "2026-03-05T15:35:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T15:35:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T03:17:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.2",
"product": {
"name": "Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product_id": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product_id": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product_id": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product_id": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-16"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product": {
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product_id": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-operator-bundle\u0026tag=26.2.14-1"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-16"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64"
},
"product_reference": "rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"relates_to_product_reference": "9Base-RHBK-26.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64 as a component of Red Hat build of Keycloak 26.2",
"product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64",
"relates_to_product_reference": "9Base-RHBK-26.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"cve": "CVE-2026-2603",
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T15:35:42+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
"product_ids": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:ca0959572305bc27cc969355f06e14b0bb5c7dedea9619e884f7bd3bec9bb2bc_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:252532cad9e091df87b895d82a59dfb6bc7bc97a777fe313ca43f0cacee7bd10_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:6dead5fff17a33fc1e37a28f98051f631a74b616d0a2d66fe84169d0eeaed0b4_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:c1664981fec90044019cc72cd634f7d1568e9ca906bce2c6365dfa548ac88122_amd64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:cb02cd23c13e0ae1e6404784b22608444b0752749432970ad1e8c4f2cd74ea53_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:08b5b94d827dbdaba29126c9389476341d1ca9ebeca6a764491862a38d19bb0e_s390x",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:172d9f060709fdf5df5b6a8db9dc8001ff4d41025900e225d43ded8d189522d6_ppc64le",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:708b0282101911143c468a7c78a3c815e8a8fcee01d001d1e9504d7fa14c9337_arm64",
"9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:97f579e9720a458a3d4a277dd19cc0e669b70bf863fdda5298f420d6442dd199_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
RHSA-2026:3948
Vulnerability from csaf_redhat - Published: 2026-03-05 19:09 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Images Update
Notes
Topic
New images are available for Red Hat build of Keycloak 26.4.10 and Red Hat build of Keycloak 26.4.10 Operator, running on OpenShift Container Platform
Details
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.4.10 clusters.
This erratum releases new images for Red Hat build of Keycloak 26.4.10 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
Security fixes:
* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)
* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)
* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)
* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)
* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)
* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)
* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New images are available for Red Hat build of Keycloak 26.4.10 and Red Hat build of Keycloak 26.4.10 Operator, running on OpenShift Container Platform",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\nRed Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.4.10 clusters.\nThis erratum releases new images for Red Hat build of Keycloak 26.4.10 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)\n* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)\n* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)\n* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)\n* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3948",
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3948.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Images Update",
"tracking": {
"current_release_date": "2026-03-06T03:17:12+00:00",
"generator": {
"date": "2026-03-06T03:17:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3948",
"initial_release_date": "2026-03-05T19:09:49+00:00",
"revision_history": [
{
"date": "2026-03-05T19:09:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T19:09:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T03:17:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.4",
"product": {
"name": "Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"product_id": "rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-12"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"product": {
"name": "rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"product_id": "rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-operator-bundle\u0026tag=26.4.10-1"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-12"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x",
"product_id": "rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-12"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-12"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"product_id": "rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-12"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-12"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"product_id": "rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-12"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-12"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64"
},
"product_reference": "rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x",
"relates_to_product_reference": "9Base-RHBK-26.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guanping Zhang"
]
}
],
"cve": "CVE-2026-0707",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-01-08T02:51:20.440000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat because Keycloak\u0027s excessive tolerance for non-standard Bearer token formats in the Authorization header can lead to inconsistencies with front-end security controls such as WAFs and proxies. This may create bypass risks, allowing malformed tokens to circumvent intended security policies.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0707"
},
{
"category": "external",
"summary": "RHBZ#2427768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0707"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707"
}
],
"release_date": "2026-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any front-end security controls, such as Web Application Firewalls (WAFs) or reverse proxies, to strictly validate and normalize the `Authorization` header before forwarding requests to Keycloak. This ensures that only standard Bearer token formats are processed, preventing potential bypasses.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass"
},
{
"acknowledgments": [
{
"names": [
"Franz Bettag"
],
"organization": "Bettag Systems"
}
],
"cve": "CVE-2026-1190",
"cwe": {
"id": "CWE-112",
"name": "Missing XML Validation"
},
"discovery_date": "2026-01-19T13:38:52.676000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, Keycloak\u0027s SAML brokering functionality does not validate the `NotOnOrAfter` timestamp in `SubjectConfirmationData`, which allows an attacker to delay the expiration of SAML responses. This could lead to unexpected session durations or increased resource consumption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1190"
},
{
"category": "external",
"summary": "RHBZ#2430835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
}
],
"release_date": "2026-01-19T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData"
},
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"acknowledgments": [
{
"names": [
"Sho Odagiri"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2026-2575",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-16T08:36:10.890000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440149"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact denial of service flaw affects Red Hat Build of Keycloak (RHBK). An unauthenticated remote attacker can exploit this by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server\u0027s inability to enforce size limits during DEFLATE decompression leads to an OutOfMemoryError, causing process termination and disrupting service availability. This vulnerability is applicable when Keycloak is configured to use SAML Redirect Binding.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2575"
},
{
"category": "external",
"summary": "RHBZ#2440149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575"
}
],
"release_date": "2026-02-16T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression"
},
{
"cve": "CVE-2026-2603",
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"acknowledgments": [
{
"names": [
"Reynaldo Immanuel",
"Joy Gilbert"
]
}
],
"cve": "CVE-2026-2733",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-19T07:14:36.991000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440895"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client \u201cEnabled\u201d setting to OFF does not fully prevent access. As a result, valid user credentials can still be used to obtain authentication tokens for the disabled client. This weakens administrative controls and could allow unintended access to container registry resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is rated as Low because successful exploitation requires valid user credentials and knowledge of the Docker client ID. While the issue does not allow privilege escalation beyond the authenticated user\u2019s permissions, it undermines an important administrative control. By continuing to issue tokens for a disabled client, the system fails to properly enforce authorization state, potentially resulting in unintended access to protected container images.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2733"
},
{
"category": "external",
"summary": "RHBZ#2440895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733"
}
],
"release_date": "2026-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol"
},
{
"cve": "CVE-2026-3009",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-23T04:55:39.695000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441867"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is considered High because it allows bypassing an explicit administrative security control. Even though user interaction is required (note: this conflicts with the CVSS v3.1 vector listed for this issue, which records User Interaction as None; one of the two needs correction), an attacker can authenticate using an Identity Provider that administrators intentionally disabled. This weakens identity governance controls and may result in unauthorized access depending on the trust level of the external IdP. The root cause is insufficient authorization validation during broker login processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3009"
},
{
"category": "external",
"summary": "RHBZ#2441867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still complete the login and establish an SSO session. This bypasses the intended security control (the client\u0027s disabled state), granting an authenticated user of the external Identity Provider access to other enabled clients in the realm without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider; disabling the client alone is therefore not a sufficient control on unpatched versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:09:49+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review every realm\u0027s client and identity-provider configuration to identify such associations for disabled clients and remove them, rather than relying on the client\u0027s disabled state. This only removes the exploitable configuration; it does not correct the missing enforcement check, so the vendor update should still be applied.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:ae13f29ccde0ddf5d96d14567177fcdfa2dd12cb29ca7793b47c857436d2a3e8_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:2ff84fdf2ccf5ef7fb360d0b33b7369ae948b7eba84926320431adb1da23d9a7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:adc45a57c1cc6f816e6c0074cd9aeba6c6b323a0c708d5d11678bb49af578a6a_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:cbb01b2cdd4857eddc5c94a1382c11901883d0df6176593a099d01791f6b72bf_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:edeb162dfffdcaf118c3fa7b951a563de58a88b4604764c8651396056e6ba814_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:48fa03e7e881b996085a2207878c6ab610fa770fbedf41f195d270aefb8bf9f7_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:73cf1a2410318ef2e508c21dc5c3332d3f3658eaab7d9b0e4dadfb570c002899_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:884c31d8ddfd03349a65bc76851cdf83d7cf8db0983e9e8c52a648298cd8c7eb_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:b0efe038b71e19b53e41ccede51fefcd03d81e2aafd6fa0b23b5b9c8dac212fd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
RHSA-2026:3947
Vulnerability from csaf_redhat - Published: 2026-03-05 19:07 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update
Notes
Topic
New Red Hat build of Keycloak 26.4.10 packages are available from the Customer Portal
Details
Red Hat build of Keycloak 26.4.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)
* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)
* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)
* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)
* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)
* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)
* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Keycloak 26.4.10 packages are available from the Customer Portal",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak 26.4.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)\n* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)\n* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)\n* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)\n* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3947",
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3947.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update",
"tracking": {
"current_release_date": "2026-03-06T03:17:09+00:00",
"generator": {
"date": "2026-03-06T03:17:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3947",
"initial_release_date": "2026-03-05T19:07:56+00:00",
"revision_history": [
{
"date": "2026-03-05T19:07:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T19:07:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T03:17:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.4.10",
"product": {
"name": "Red Hat build of Keycloak 26.4.10",
"product_id": "Red Hat build of Keycloak 26.4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guanping Zhang"
]
}
],
"cve": "CVE-2026-0707",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-01-08T02:51:20.440000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat because Keycloak\u0027s excessive tolerance for non-standard Bearer token formats in the Authorization header can lead to inconsistencies with front-end security controls such as WAFs and proxies. This may enable potential bypass risks, allowing malformed tokens to circumvent intended security policies.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0707"
},
{
"category": "external",
"summary": "RHBZ#2427768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0707"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707"
}
],
"release_date": "2026-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any front-end security controls, such as Web Application Firewalls (WAFs) or reverse proxies, to strictly validate and normalize the `Authorization` header before forwarding requests to Keycloak, rejecting or rewriting headers that use non-standard separators (such as tabs) between the scheme and the token. This ensures that the token format Keycloak accepts is the same one the front-end control inspected, closing the parser differential that enables the bypass.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass"
},
{
"acknowledgments": [
{
"names": [
"Franz Bettag"
],
"organization": "Bettag Systems"
}
],
"cve": "CVE-2026-1190",
"cwe": {
"id": "CWE-112",
"name": "Missing XML Validation"
},
"discovery_date": "2026-01-19T13:38:52.676000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak brokers logins from an external Security Assertion Markup Language (SAML) Identity Provider (that is, acts as the SAML Service Provider), it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. A SAML response whose `SubjectConfirmationData` has already expired may therefore still be accepted, extending the window in which a response is considered valid and leading to unexpected session durations or resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, this flaw in Keycloak\u0027s SAML brokering functionality allows an attacker to delay the expiration of SAML responses by not validating the `NotOnOrAfter` timestamp in `SubjectConfirmationData`. This could lead to unexpected session durations or increased resource consumption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1190"
},
{
"category": "external",
"summary": "RHBZ#2430835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
}
],
"release_date": "2026-01-19T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData"
},
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"acknowledgments": [
{
"names": [
"Sho Odagiri"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2026-2575",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-16T08:36:10.890000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440149"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact denial of service flaw affects Red Hat Build of Keycloak (RHBK). An unauthenticated remote attacker can exploit this by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server\u0027s inability to enforce size limits during DEFLATE decompression leads to an OutOfMemoryError, causing process termination and disrupting service availability. This vulnerability is applicable when Keycloak is configured to use SAML Redirect Binding.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2575"
},
{
"category": "external",
"summary": "RHBZ#2440149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575"
}
],
"release_date": "2026-02-16T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression"
},
{
"cve": "CVE-2026-2603",
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"acknowledgments": [
{
"names": [
"Reynaldo Immanuel",
"Joy Gilbert"
]
}
],
"cve": "CVE-2026-2733",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-19T07:14:36.991000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440895"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client \u201cEnabled\u201d setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is rated as Low because successful exploitation requires valid user credentials and knowledge of the Docker client ID. While the issue does not allow privilege escalation beyond the authenticated user\u2019s permissions, it undermines an important administrative control. By continuing to issue tokens for a disabled client, the system fails to properly enforce authorization state, potentially resulting in unintended access to protected container images.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2733"
},
{
"category": "external",
"summary": "RHBZ#2440895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733"
}
],
"release_date": "2026-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol"
},
{
"cve": "CVE-2026-3009",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-23T04:55:39.695000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441867"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is considered High because it allows bypassing an explicit administrative security control. Even though user interaction is required, an attacker can authenticate using an Identity Provider that administrators intentionally disabled. This weakens identity governance controls and may result in unauthorized access depending on the trust level of the external IdP. The root cause is insufficient authorization validation during broker login processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3009"
},
{
"category": "external",
"summary": "RHBZ#2441867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
GHSA-8CR3-VPXX-92CX
Vulnerability from github – Published: 2026-03-05 21:30 – Updated: 2026-03-06 22:32
Summary
Keycloak SAML Broker has Authentication Bypass by Primary Weakness
Details
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
A fix is available at https://github.com/keycloak/keycloak/releases/tag/26.5.5.
Severity ?
8.8 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-broker-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.1.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-3047"
],
"database_specific": {
"cwe_ids": [
"CWE-305"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-06T22:32:21Z",
"nvd_published_at": "2026-03-05T19:16:18Z",
"severity": "HIGH"
},
"details": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.\n\nA fix is available at https://github.com/keycloak/keycloak/releases/tag/26.5.5.",
"id": "GHSA-8cr3-vpxx-92cx",
"modified": "2026-03-06T22:32:21Z",
"published": "2026-03-05T21:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3925"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3926"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/releases/tag/26.5.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Keycloak SAML Broker has Authentication Bypass by Primary Weakness"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.