All errata/sisyphus/ALT-PU-2026-4164-6
ALT-PU-2026-4164-6

Package update keycloak in branch sisyphus

Version26.5.5-alt1
Task#410169
Published2026-03-19
Max severityHIGH
Severity:

Closed issues (8)

CVE-2026-2092
HIGH7.7

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

Published: 2026-03-18Modified: 2026-03-18
CVSS 3.xHIGH 7.7
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
References
CVE-2026-2603
HIGH8.1

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

Published: 2026-03-18Modified: 2026-03-18
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
CVE-2026-3009
HIGH8.1

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.

Published: 2026-03-05Modified: 2026-03-24
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References
CVE-2026-3047
HIGH8.8

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

Published: 2026-03-05Modified: 2026-03-26
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
GHSA-8cr3-vpxx-92cx
HIGH8.8

Keycloak SAML Broken has Authentication Bypass by Primary Weakness

Published: 2026-03-06Modified: 2026-03-07
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
GHSA-m297-3jv9-m927
HIGH8.1

Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator

Published: 2026-03-06Modified: 2026-03-07
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
GHSA-wmxr-6j5f-838p
HIGH7.7

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

Published: 2026-03-18Modified: 2026-04-08
CVSS 3.xHIGH 7.7
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
References
GHSA-x4p7-7chp-64hq
HIGH8.1

Keycloak: Unauthorized authentication via disabled SAML Identity Provider

Published: 2026-03-18Modified: 2026-04-16
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References