CVSS v3.1 Base Score: 8.8 (High)

CVE-2026-3047

org.keycloak.broker.saml: Keycloak SAML broker: authentication bypass due to a disabled SAML client completing an IdP-initiated login

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as the landing target of an Identity Provider (IdP)-initiated broker login, the login still completes and establishes a Single Sign-On (SSO) session in the realm even though the client is disabled. A remote attacker who can drive that IdP-initiated flow can then use the resulting SSO session to reach other, enabled clients in the realm without re-authenticating, bypassing the restriction that disabling the client was meant to enforce. The CVSS vector below (PR:L) indicates that the attacker is expected to hold a low-privileged account at the IdP rather than being fully unauthenticated.
Data provided by the National Vulnerability Database (NVD)
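Added example (not code from this page, from the Keycloak project, or from Red Hat): a small Python audit that applies the advisory's precondition to Keycloak client representations, flagging SAML clients that are disabled but still carry an IdP-initiated SSO URL name, i.e. clients that could still act as an IdP-initiated broker landing target. It assumes the admin REST API endpoint GET /admin/realms/{realm}/clients, the client attribute key saml_idp_initiated_sso_url_name, and the broker endpoint layout /realms/{realm}/broker/{alias}/endpoint/clients/{name}; verify all three against your Keycloak version. The sample client list is constructed for the example.

```python
"""Audit Keycloak clients for disabled SAML clients that still have an
IdP-initiated SSO URL name (the CVE-2026-3047 precondition).

Example code, not part of Keycloak. Assumptions to verify for your version:
- client JSON is what GET /admin/realms/{realm}/clients returns
- the IdP-initiated URL name is stored in attributes["saml_idp_initiated_sso_url_name"]
- the broker landing URL is /realms/{realm}/broker/{alias}/endpoint/clients/{name}
"""
import json
import os
import urllib.request

IDP_INITIATED_ATTR = "saml_idp_initiated_sso_url_name"  # assumed attribute key


def find_disabled_idp_initiated_saml_clients(clients):
    """Return (clientId, url_name) pairs for SAML clients that are disabled
    but still expose an IdP-initiated SSO URL name."""
    findings = []
    for client in clients:
        if client.get("protocol") != "saml":
            continue
        attrs = client.get("attributes") or {}
        url_name = (attrs.get(IDP_INITIATED_ATTR) or "").strip()
        if not url_name:
            continue  # no IdP-initiated landing target configured
        if client.get("enabled", True):
            continue  # enabled clients are expected to complete login
        findings.append((client["clientId"], url_name))
    return findings


def landing_urls(base_url, realm, broker_alias, findings):
    """Build the assumed broker IdP-initiated endpoint for each finding so an
    operator can confirm whether the login really still completes."""
    return [
        f"{base_url}/realms/{realm}/broker/{broker_alias}/endpoint/clients/{name}"
        for _, name in findings
    ]


def fetch_clients(base_url, realm, token):
    """Fetch client representations from the admin REST API (live use only)."""
    req = urllib.request.Request(
        f"{base_url}/admin/realms/{realm}/clients",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample data: only "legacy-portal" matches the risky pattern.
SAMPLE_CLIENTS = [
    {"clientId": "legacy-portal", "protocol": "saml", "enabled": False,
     "attributes": {IDP_INITIATED_ATTR: "legacy-portal"}},
    {"clientId": "hr-app", "protocol": "saml", "enabled": True,
     "attributes": {IDP_INITIATED_ATTR: "hr"}},
    {"clientId": "api-gw", "protocol": "openid-connect", "enabled": False,
     "attributes": {}},
    {"clientId": "old-saml", "protocol": "saml", "enabled": False,
     "attributes": {}},
]


def main():
    # Set KEYCLOAK_URL, KEYCLOAK_REALM and KEYCLOAK_TOKEN to audit a live realm;
    # otherwise the constructed sample is used.
    if os.environ.get("KEYCLOAK_URL"):
        clients = fetch_clients(os.environ["KEYCLOAK_URL"],
                                os.environ["KEYCLOAK_REALM"],
                                os.environ["KEYCLOAK_TOKEN"])
    else:
        clients = SAMPLE_CLIENTS
    findings = find_disabled_idp_initiated_saml_clients(clients)
    if not findings:
        print("no disabled SAML clients with an IdP-initiated SSO URL name")
    for client_id, name in findings:
        print(f"disabled SAML client still configured as IdP-initiated "
              f"landing target: {client_id} (url name {name!r})")


if __name__ == "__main__":
    main()
```

Clearing the IdP-initiated SSO URL name on clients that are meant to stay disabled removes the landing target regardless of whether the fix is deployed; the audit only identifies candidates, it does not verify that a given Keycloak build is affected.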
Affected products (CPE data)
Vendor   Product            Version   Software edition
Red Hat  Build of Keycloak  -         text-only
Red Hat  Build of Keycloak  26.2
Red Hat  Build of Keycloak  26.2.14
Red Hat  Build of Keycloak  26.4
Red Hat  Build of Keycloak  26.4.10
Red Hat  Keycloak           -
No advisory was found for this CVE.
EPSS metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.45%  0.636
CVSS metrics
Source               Base Score  Exploitability Score  Impact Score  Vector String
secalert@redhat.com  8.8         2.8                   5.9           CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.