VYPR
High severity · NVD Advisory · Published Mar 18, 2026 · Updated Mar 18, 2026

Keycloak: unauthorized authentication via disabled SAML identity provider

CVE-2026-2603

Description

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                   Ecosystem   Affected versions   Patched versions
org.keycloak:keycloak-services            Maven       < 26.5.5            26.5.5
org.keycloak:keycloak-server-spi-private  Maven       < 26.5.5            26.5.5

Affected products

  • Red Hat/Red Hat build of Keycloak 26.2.14v5
    cpe:/a:redhat:build_keycloak:26.2::el9
  • Red Hat/Red Hat build of Keycloak 26.4.10v5
    cpe:/a:redhat:build_keycloak:26.4::el9
