CVE-2026-2603

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:3925
https://access.redhat.com/errata/RHSA-2026:3926
https://access.redhat.com/errata/RHSA-2026:3947
https://access.redhat.com/errata/RHSA-2026:3948
https://access.redhat.com/security/cve/CVE-2026-2603
https://bugzilla.redhat.com/show_bug.cgi?id=2440300
https://bugzilla.redhat.com/show_bug.cgi?id=2440300

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-18 02:16

Updated : 2026-03-18 15:16

NVD link : CVE-2026-2603

Mitre link : CVE-2026-2603

CVE.ORG link : CVE-2026-2603

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2026-2603", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-03-18T02:16:24.813", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3925", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3926", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3947", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3948", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2603", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440300", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. Un atacante remoto podr\u00eda eludir los controles de seguridad al enviar una respuesta SAML v\u00e1lida desde un Proveedor de Identidad (IdP) externo al punto final SAML de Keycloak para inicios de sesi\u00f3n de intermediario iniciados por el IdP. Esto permite al atacante completar inicios de sesi\u00f3n de intermediario incluso cuando el Proveedor de Identidad SAML est\u00e1 deshabilitado, lo que lleva a una autenticaci\u00f3n no autorizada."}], "lastModified": "2026-03-18T15:16:30.500", "sourceIdentifier": "secalert@redhat.com"}