RHSA-2026:3926

Vulnerability from csaf_redhat - Published: 2026-03-05 15:33 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Update

Notes

Topic
New Red Hat build of Keycloak 26.2.14 packages are available from the Customer Portal
Details
Red Hat build of Keycloak 26.2.14 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes: * Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047) * Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603) * Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat build of Keycloak 26.2.14 packages are available from the Customer Portal",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat build of Keycloak 26.2.14 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:3926",
        "url": "https://access.redhat.com/errata/RHSA-2026:3926"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3926.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Update",
    "tracking": {
      "current_release_date": "2026-03-06T03:17:10+00:00",
      "generator": {
        "date": "2026-03-06T03:17:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.2"
        }
      },
      "id": "RHSA-2026:3926",
      "initial_release_date": "2026-03-05T15:33:39+00:00",
      "revision_history": [
        {
          "date": "2026-03-05T15:33:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-05T15:33:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-06T03:17:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat build of Keycloak 26.2.14",
                "product": {
                  "name": "Red Hat build of Keycloak 26.2.14",
                  "product_id": "Red Hat build of Keycloak 26.2.14",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat build of Keycloak"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Oleh Konko"
          ]
        }
      ],
      "cve": "CVE-2026-2092",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "discovery_date": "2026-02-06T10:25:16.675000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Keycloak 26.2.14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-2092"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
        }
      ],
      "release_date": "2026-03-05T12:34:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-05T15:33:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "Red Hat build of Keycloak 26.2.14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Keycloak 26.2.14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
    },
    {
      "cve": "CVE-2026-2603",
      "discovery_date": "2026-02-16T21:15:53.373000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2440300"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Keycloak 26.2.14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-2603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2440300",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
        }
      ],
      "release_date": "2026-03-05T11:23:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-05T15:33:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "Red Hat build of Keycloak 26.2.14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3926"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Keycloak 26.2.14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
    },
    {
      "cve": "CVE-2026-3047",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "discovery_date": "2026-02-23T17:29:50.192000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2441966"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat build of Keycloak 26.2.14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2441966",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
        }
      ],
      "release_date": "2026-03-05T11:24:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-05T15:33:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "Red Hat build of Keycloak 26.2.14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3926"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
          "product_ids": [
            "Red Hat build of Keycloak 26.2.14"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat build of Keycloak 26.2.14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.