CVE-2026-2603 | Severity: HIGH | CNA: redhat
CVE-2026-2603: Keycloak: keycloak: unauthorized authentication via disabled saml identity provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response issued by an external Identity Provider (IdP) to the Keycloak broker endpoint used for IdP-initiated logins. Keycloak completes the broker login even when that SAML identity provider is disabled in the realm configuration, so an IdP an administrator has switched off (for example after a compromise or during offboarding) can still be used to authenticate, leading to unauthorized authentication.
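Because the exposure is the combination of an unpatched server and a SAML identity provider that is present but disabled, the first thing to check in a deployment is exactly that pair. The following added example (not part of the advisory or of Keycloak's own code) audits the JSON that the Keycloak Admin REST API returns for a realm's identity providers (GET /admin/realms/{realm}/identity-provider/instances) together with the server version, lists every disabled SAML IdP with the broker endpoint path an IdP-initiated SAMLResponse would be posted to, and compares the version against the fixed versions the advisory lists. The API responses are embedded as constructed sample data so it runs offline; the version thresholds assume the server reports a version numbered like the Red Hat build of Keycloak streams on this page (26.2.x, 26.4.x), and streams not listed here are reported as unknown rather than guessed.

```python
"""Audit a Keycloak realm for exposure to CVE-2026-2603 (added example).

Exposure requires both: a server below the fixed version for its stream,
and at least one SAML identity provider that exists but is disabled, since
on an unpatched server such a provider can still complete an IdP-initiated
broker login through /realms/{realm}/broker/{alias}/endpoint.
"""
import json
import re

# Constructed sample of GET /admin/realms/{realm}/identity-provider/instances.
# Field names (alias, providerId, enabled) follow Keycloak's IdP representation.
SAMPLE_IDPS = json.dumps([
    {"alias": "corp-saml", "providerId": "saml", "enabled": False},
    {"alias": "partner-saml", "providerId": "saml", "enabled": True},
    {"alias": "github", "providerId": "github", "enabled": False},
])

# Constructed sample of systemInfo.version from GET /admin/serverinfo.
SAMPLE_VERSION = "26.2.13"

# Minimum fixed version per stream, taken from the advisory's "Fixed in"
# values 26.2.14-1 and 26.4.10-1. The "-N" suffix is the package release and
# is ignored; assumption: the server reports the same dotted numbering.
FIXED_MIN = {"26.2": (26, 2, 14), "26.4": (26, 4, 10)}


def parse_version(version):
    """'26.2.13' or '26.2.13-1' -> (26, 2, 13); any release suffix is dropped."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version):
    """True/False against the stream's minimum, None if the stream is unknown."""
    v = parse_version(version)
    stream = f"{v[0]}.{v[1]}"
    if stream not in FIXED_MIN:
        return None
    return v >= FIXED_MIN[stream]


def disabled_saml_idps(idps_json, realm):
    """Return (alias, broker endpoint path) for each disabled SAML IdP.

    The path is Keycloak's broker endpoint layout, where an IdP-initiated
    SAMLResponse is posted for the named provider alias.
    """
    idps = json.loads(idps_json)
    return [
        (idp["alias"], f"/realms/{realm}/broker/{idp['alias']}/endpoint")
        for idp in idps
        if idp.get("providerId") == "saml" and not idp.get("enabled", True)
    ]


def audit(idps_json, version, realm):
    """Combine the version and IdP checks into one report."""
    exposed = disabled_saml_idps(idps_json, realm)
    fixed = is_fixed(version)
    return {
        "version": version,
        "fixed": fixed,              # None means: stream not covered by this table
        "disabled_saml_idps": exposed,
        # Only flag at_risk when the version is known to be below the fix AND a
        # disabled SAML IdP is present; unknown streams need manual review.
        "at_risk": (fixed is False) and bool(exposed),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_IDPS, SAMPLE_VERSION, "example"), indent=2))
```

In a real run, replace the two constructed samples with the live responses fetched using an admin token. A disabled SAML IdP that is no longer needed should be deleted rather than left disabled until the server is on a fixed version, since on an affected build "disabled" does not prevent the broker login described above.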
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: 26.2.14-1
- Affected Products: 8
Fix available: 26.2.14-1, 26.2-16, 26.4.10-1, 26.4-12
Affected packages
- Red Hat / Red Hat build of Keycloak 26.2: fixed in 26.2.14-1
- Red Hat / Red Hat build of Keycloak 26.2: fixed in 26.2-16
- Red Hat / Red Hat build of Keycloak 26.2.14
- Red Hat / Red Hat build of Keycloak 26.4: fixed in 26.4.10-1
- Red Hat / Red Hat build of Keycloak 26.4: fixed in 26.4-12
- Red Hat / Red Hat build of Keycloak 26.4.10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N