RHSA-2026:3947
Vulnerability from csaf_redhat - Published: 2026-03-05 19:07 - Updated: 2026-03-06 03:17
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update
Notes
Topic
New Red Hat build of Keycloak 26.4.10 packages are available from the Customer Portal
Details
Red Hat build of Keycloak 26.4.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)
* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)
* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)
* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)
* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)
* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)
* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)
* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Keycloak 26.4.10 packages are available from the Customer Portal",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak 26.4.10 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nSecurity fixes:\n* Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login (CVE-2026-3047)\n* Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) (CVE-2026-3009)\n* Unauthorized authentication via disabled SAML Identity Provider (CVE-2026-2603)\n* Unauthorized access via improper validation of encrypted SAML assertions (CVE-2026-2092)\n* Missing Check on Disabled Client for Docker Registry Protocol (CVE-2026-2733)\n* Denial of Service due to excessive SAMLRequest decompression (CVE-2026-2575)\n* Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData (CVE-2026-1190)\n* Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass (CVE-2026-0707)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3947",
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3947.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update",
"tracking": {
"current_release_date": "2026-03-06T03:17:09+00:00",
"generator": {
"date": "2026-03-06T03:17:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3947",
"initial_release_date": "2026-03-05T19:07:56+00:00",
"revision_history": [
{
"date": "2026-03-05T19:07:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T19:07:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T03:17:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.4.10",
"product": {
"name": "Red Hat build of Keycloak 26.4.10",
"product_id": "Red Hat build of Keycloak 26.4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guanping Zhang"
]
}
],
"cve": "CVE-2026-0707",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-01-08T02:51:20.440000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat because Keycloak\u0027s excessive tolerance for non-standard Bearer token formats in the Authorization header can lead to inconsistencies with front-end security controls such as WAFs and proxies. This may enable potential bypass risks, allowing malformed tokens to circumvent intended security policies.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0707"
},
{
"category": "external",
"summary": "RHBZ#2427768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0707"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0707"
}
],
"release_date": "2026-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any front-end security controls, such as Web Application Firewalls (WAFs) or reverse proxies, to strictly validate and normalize the `Authorization` header before forwarding requests to Keycloak. This ensures that only standard Bearer token formats are processed, preventing potential bypasses.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass"
},
{
"acknowledgments": [
{
"names": [
"Franz Bettag"
],
"organization": "Bettag Systems"
}
],
"cve": "CVE-2026-1190",
"cwe": {
"id": "CWE-112",
"name": "Missing XML Validation"
},
"discovery_date": "2026-01-19T13:38:52.676000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. In the Red Hat context, this flaw in Keycloak\u0027s SAML brokering functionality allows an attacker to delay the expiration of SAML responses by not validating the `NotOnOrAfter` timestamp in `SubjectConfirmationData`. This could lead to unexpected session durations or increased resource consumption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1190"
},
{
"category": "external",
"summary": "RHBZ#2430835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
}
],
"release_date": "2026-01-19T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData"
},
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
]
}
],
"cve": "CVE-2026-2092",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-06T10:25:16.675000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437296"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2092"
},
{
"category": "external",
"summary": "RHBZ#2437296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2092"
}
],
"release_date": "2026-03-05T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions"
},
{
"acknowledgments": [
{
"names": [
"Sho Odagiri"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2026-2575",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-02-16T08:36:10.890000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440149"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact denial of service flaw affects Red Hat Build of Keycloak (RHBK). An unauthenticated remote attacker can exploit this by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server\u0027s inability to enforce size limits during DEFLATE decompression leads to an OutOfMemoryError, causing process termination and disrupting service availability. This vulnerability is applicable when Keycloak is configured to use SAML Redirect Binding.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2575"
},
{
"category": "external",
"summary": "RHBZ#2440149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2575"
}
],
"release_date": "2026-02-16T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression"
},
{
"cve": "CVE-2026-2603",
"discovery_date": "2026-02-16T21:15:53.373000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440300"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2603"
},
{
"category": "external",
"summary": "RHBZ#2440300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2603"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider"
},
{
"acknowledgments": [
{
"names": [
"Reynaldo Immanuel",
"Joy Gilbert"
]
}
],
"cve": "CVE-2026-2733",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-19T07:14:36.991000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440895"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client \u201cEnabled\u201d setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is rated as Low because successful exploitation requires valid user credentials and knowledge of the Docker client ID. While the issue does not allow privilege escalation beyond the authenticated user\u2019s permissions, it undermines an important administrative control. By continuing to issue tokens for a disabled client, the system fails to properly enforce authorization state, potentially resulting in unintended access to protected container images.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2733"
},
{
"category": "external",
"summary": "RHBZ#2440895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440895"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2733"
}
],
"release_date": "2026-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol"
},
{
"cve": "CVE-2026-3009",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2026-02-23T04:55:39.695000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441867"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The security impact of this vulnerability is considered High because it allows bypassing an explicit administrative security control. Even though user interaction is required, an attacker can authenticate using an Identity Provider that administrators intentionally disabled. This weakens identity governance controls and may result in unauthorized access depending on the trust level of the external IdP. The root cause is insufficient authorization validation during broker login processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3009"
},
{
"category": "external",
"summary": "RHBZ#2441867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3009"
}
],
"release_date": "2026-03-05T11:23:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)"
},
{
"cve": "CVE-2026-3047",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2026-02-23T17:29:50.192000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441966"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CRITICAL: This flaw allows a disabled SAML client in Keycloak, when configured as an IdP-initiated broker landing target, to still facilitate a successful login. This bypasses the intended security control, granting an authenticated user access to other enabled clients without re-authentication. This issue affects Keycloak instances where a disabled SAML client is configured for IdP-initiated brokering and the user exists in the external Identity Provider.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Keycloak 26.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3047"
},
{
"category": "external",
"summary": "RHBZ#2441966",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441966"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3047"
}
],
"release_date": "2026-03-05T11:24:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-05T19:07:56+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.",
"product_ids": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Keycloak 26.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login"
}
]
}
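Worked example for the CVE-2026-0707 workaround above (strict validation of the `Authorization` header at the proxy or WAF). This is an added example, not Keycloak or Red Hat code: a parser that accepts only the RFC 6750 form `Bearer 1*SP b64token`, so a tab separator or a lowercase scheme is refused before Keycloak's more tolerant parser ever sees it. The sample header values are constructed.

```python
"""Strict RFC 6750 Bearer credential parser for a front-end proxy or WAF.

Added example, not Keycloak or Red Hat code. It models the CVE-2026-0707
workaround: validate/normalise the Authorization header before Keycloak
sees it, so proxy and backend agree on what counts as a Bearer token.
"""
import re

# RFC 6750 section 2.1:
#   credentials = "Bearer" 1*SP b64token
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Only ASCII space (0x20) separates scheme and token; tab, CR and LF do not.
_BEARER_RE = re.compile(r"\ABearer +([A-Za-z0-9\-._~+/]+=*)\Z")


def parse_bearer(header_value):
    """Return the b64token if the header is strictly RFC 6750 compliant, else None.

    The scheme name is matched case-sensitively on purpose: the advisory's
    point is that Keycloak's tolerance for case variants and odd separators
    can disagree with what a WAF matches, so the front end must be the strict
    side and pass on only what it has itself accepted.
    """
    if header_value is None:
        return None
    m = _BEARER_RE.match(header_value)
    return m.group(1) if m else None


def classify(headers):
    """Map each header value to ('accept', token) or ('reject', reason)."""
    result = {}
    for h in headers:
        tok = parse_bearer(h)
        if tok is not None:
            result[h] = ("accept", tok)
        elif "\t" in h or "\r" in h or "\n" in h:
            result[h] = ("reject", "non-SP whitespace separator")
        elif h.split(" ", 1)[0] != "Bearer":
            result[h] = ("reject", "scheme not exactly 'Bearer'")
        else:
            result[h] = ("reject", "token not b64token")
    return result


# Constructed sample header values (the token is not a real credential).
SAMPLE_HEADERS = [
    "Bearer eyJhbGciOiJSUzI1NiJ9.e30.c2ln",    # well-formed
    "bearer eyJhbGciOiJSUzI1NiJ9.e30.c2ln",    # lowercase scheme
    "Bearer\teyJhbGciOiJSUzI1NiJ9.e30.c2ln",   # tab instead of SP
    "Bearer eyJ..bad token!",                   # not a b64token
]

if __name__ == "__main__":
    for value, verdict in classify(SAMPLE_HEADERS).items():
        print(f"{value!r:45} -> {verdict}")
```

RFC 7235 makes the auth-scheme name case-insensitive in HTTP generally, so matching `Bearer` case-sensitively is a policy choice rather than a protocol requirement; what matters for the workaround is that the front end, not Keycloak, decides what is accepted, and that both sides apply the same rule.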
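Worked example for CVE-2026-1190. The advisory says the SAML broker enforced `Conditions/@NotOnOrAfter` but not `SubjectConfirmationData/@NotOnOrAfter` on the bearer confirmation, which is usually the much shorter window. The check below is an added example, not the Keycloak fix itself; the assertion is constructed, with a long Conditions window and a bearer window that has already expired, and the 30-second clock skew is an assumed value.

```python
"""Enforce SubjectConfirmationData/@NotOnOrAfter on a SAML bearer assertion.

Added example, not Keycloak or Red Hat code. Signature verification, which
must happen before any timestamp check, is out of scope here.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample: Conditions allow until 20:00Z, but the bearer
# SubjectConfirmationData already expired at 08:13Z.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2026-01-19T08:08:00Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2026-01-19T08:13:00Z"
          Recipient="https://sp.example.test/broker/saml/endpoint"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2026-01-19T08:07:00Z" NotOnOrAfter="2026-01-19T20:00:00Z"/>
</saml:Assertion>"""


def parse_saml_instant(value):
    """Parse an xs:dateTime as used by SAML (UTC with trailing 'Z', or an offset)."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        raise ValueError("SAML timestamps must carry a time zone")
    return dt.astimezone(timezone.utc)


def check_assertion_times(assertion_xml, now, skew=timedelta(seconds=30)):
    """Return (ok, reason), enforcing Conditions and every bearer SubjectConfirmationData."""
    # In production parse untrusted XML with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < parse_saml_instant(nb):
        return False, "Conditions not yet valid"
    if noa and now - skew >= parse_saml_instant(noa):
        return False, "Conditions expired"

    confirmations = root.findall("saml:Subject/saml:SubjectConfirmation", NS)
    bearer = [c for c in confirmations if c.get("Method") == BEARER]
    if not bearer:
        return False, "no bearer SubjectConfirmation"
    for sc in bearer:
        scd = sc.find("saml:SubjectConfirmationData", NS)
        # SAML Web Browser SSO profile: bearer SubjectConfirmationData MUST
        # carry NotOnOrAfter, so a missing attribute is a rejection, not a pass.
        if scd is None or scd.get("NotOnOrAfter") is None:
            return False, "bearer SubjectConfirmationData lacks NotOnOrAfter"
        if now - skew >= parse_saml_instant(scd.get("NotOnOrAfter")):
            return False, "SubjectConfirmationData expired"
    return True, "ok"


if __name__ == "__main__":
    for when in ("2026-01-19T08:10:00Z", "2026-01-19T09:00:00Z", "2026-01-19T21:00:00Z"):
        print(when, check_assertion_times(SAMPLE_ASSERTION, parse_saml_instant(when)))
```

At 09:00Z the unfixed behaviour described in the advisory would still accept this assertion because only the Conditions window was checked; the bearer window is the one that bounds how long a captured response can be replayed to the broker.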
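Worked example for CVE-2026-2575. The HTTP-Redirect binding carries `SAMLRequest` as raw DEFLATE, then base64, then URL-encoding, and the statement above says decompression had no size limit. This is an added example, not Keycloak code: decoding with a cap on the inflated size, exercised against a constructed AuthnRequest and a constructed 4 MiB decompression bomb. The 64 KiB inflated limit and 16 KiB encoded limit are assumed values.

```python
"""Bounded inflate of a SAMLRequest from the SAML HTTP-Redirect binding.

Added example, not Keycloak or Red Hat code. The inflater stops as soon as
the output would exceed a cap, so a small, highly compressed parameter can
no longer drive the heap to an OutOfMemoryError.
"""
import base64
import urllib.parse
import zlib

MAX_INFLATED_BYTES = 64 * 1024   # assumed cap; a real AuthnRequest is a few KB
MAX_ENCODED_BYTES = 16 * 1024    # assumed cap on the URL-encoded parameter itself


class SamlRequestTooLarge(ValueError):
    pass


def inflate_bounded(raw_deflate, limit=MAX_INFLATED_BYTES):
    """Raw-DEFLATE inflate that never materialises more than `limit` bytes."""
    d = zlib.decompressobj(-15)                 # -15: raw DEFLATE, no zlib/gzip header
    out = d.decompress(raw_deflate, limit + 1)  # zlib stops once limit+1 bytes are out
    if len(out) > limit or d.unconsumed_tail:
        raise SamlRequestTooLarge(f"inflated SAMLRequest exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated DEFLATE stream")
    return out


def decode_saml_request(param):
    """Reverse the Redirect-binding encoding with both limits enforced."""
    if len(param) > MAX_ENCODED_BYTES:
        raise SamlRequestTooLarge("encoded SAMLRequest parameter too long")
    raw = base64.b64decode(urllib.parse.unquote(param), validate=True)
    return inflate_bounded(raw)


def deflate_raw(data):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def encode_redirect_param(xml_bytes):
    """Forward direction, used only to build the sample inputs below."""
    return urllib.parse.quote(base64.b64encode(deflate_raw(xml_bytes)).decode("ascii"), safe="")


# Constructed sample inputs.
AUTHN_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_r1" Version="2.0" IssueInstant="2026-02-16T08:08:00Z" '
    b'AssertionConsumerServiceURL="https://sp.example.test/acs"/>'
)
BOMB = b"\x00" * (4 * 1024 * 1024)   # 4 MiB of one byte deflates to a few KB


if __name__ == "__main__":
    good = encode_redirect_param(AUTHN_REQUEST)
    print("normal request:", len(good), "encoded bytes ->", len(decode_saml_request(good)), "inflated")
    bomb = encode_redirect_param(BOMB)
    try:
        decode_saml_request(bomb)
    except SamlRequestTooLarge as e:
        print("bomb:", len(bomb), "encoded bytes ->", e)
```

Both limits matter: the encoded-length check alone does not help, because the bomb fits comfortably under it; only the cap on inflated output stops the amplification.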
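Worked example for the CVE-2026-3047 workaround (review realm configuration for disabled SAML clients still wired up as IdP-initiated landing targets). This is an added example, not Keycloak or Red Hat code: it walks a realm export and reports SAML clients that are disabled but still carry the `saml_idp_initiated_sso_url_name` attribute, which is assumed to be the attribute Keycloak's realm export uses for the IdP-initiated SSO URL name; the path forms in the output are likewise assumed. The export fragment is constructed.

```python
"""Audit a Keycloak realm export for disabled SAML clients that remain
IdP-initiated landing targets (CVE-2026-3047 workaround).

Added example, not Keycloak or Red Hat code. Assumptions: a SAML client is
reachable through IdP-initiated SSO when its attribute
`saml_idp_initiated_sso_url_name` is non-empty, and the landing URLs take
the forms /realms/<realm>/protocol/saml/clients/<name> (direct) and
/realms/<realm>/broker/<idp-alias>/endpoint/clients/<name> (brokered).
"""
import json

# Constructed realm export fragment with only the fields the audit needs.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "corp",
    "clients": [
        {"clientId": "hr-portal", "protocol": "saml", "enabled": False,
         "attributes": {"saml_idp_initiated_sso_url_name": "hr-portal"}},
        {"clientId": "wiki", "protocol": "saml", "enabled": True,
         "attributes": {"saml_idp_initiated_sso_url_name": "wiki"}},
        {"clientId": "legacy-crm", "protocol": "saml", "enabled": False,
         "attributes": {}},
        {"clientId": "web-app", "protocol": "openid-connect", "enabled": False,
         "attributes": {}},
    ],
})


def find_disabled_idp_initiated_saml_clients(realm_export):
    """Return one finding per disabled SAML client that still has an IdP-initiated URL name."""
    realm = realm_export.get("realm", "<realm>")
    findings = []
    for client in realm_export.get("clients", []):
        if client.get("protocol") != "saml":
            continue
        if client.get("enabled", True):          # enabled clients are not the issue here
            continue
        attrs = client.get("attributes") or {}
        url_name = attrs.get("saml_idp_initiated_sso_url_name", "")
        if not url_name:
            continue
        findings.append({
            "clientId": client.get("clientId"),
            "idp_initiated_url_name": url_name,
            "direct_path": f"/realms/{realm}/protocol/saml/clients/{url_name}",
            "broker_path": f"/realms/{realm}/broker/<idp-alias>/endpoint/clients/{url_name}",
        })
    return findings


def find_in_export_json(text):
    """Convenience wrapper taking the export as a JSON string."""
    return find_disabled_idp_initiated_saml_clients(json.loads(text))


def audit_file(path):
    with open(path, encoding="utf-8") as fh:
        return find_disabled_idp_initiated_saml_clients(json.load(fh))


if __name__ == "__main__":
    import sys
    findings = audit_file(sys.argv[1]) if len(sys.argv) > 1 else find_in_export_json(SAMPLE_REALM_EXPORT)
    for f in findings:
        print(f"FINDING: disabled SAML client {f['clientId']!r} still reachable via "
              f"{f['direct_path']} and {f['broker_path']}")
    if not findings:
        print("no disabled SAML client is configured as an IdP-initiated landing target")
```

Until the update is applied, clear that attribute on (or delete) each reported client rather than relying on the Enabled flag; the advisory's point is precisely that the flag alone was not enforced on the IdP-initiated broker path.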
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.