7 matches found
CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
CVE-2026-9087 Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login
A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
CVE-2026-9087
CVE-2026-9087 : In Keycloak, the cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity actually verified, allowing a second upstream account on the same IdP to be linked to the victim’s local account. Affected component: Keycloak auth...
CVE-2026-2603 Keycloak: keycloak: unauthorized authentication via disabled saml identity provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider IdP to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity...
CVE-2026-2603
CVE-2026-2603 affects Keycloak: an attacker can bypass security by sending a valid SAML response from an external IdP to the Keycloak SAML endpoint for IdP-initiated broker logins, enabling unauthorized authentication. The issue is described across multiple sources (NVD/EUVD/GHSA) with a CVSS v3....
PT-2026-25968
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A security bypass exists in Keycloak where a remote attacker can circumvent security measures by submitting a valid Security Assertion Markup Language SAML response from an external Identity...
Keycloak SAML Broken has Authentication Bypass by Primary Weakness
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language SAML client is configured as an Identity Provider IdP-initiated broker landing target, it can still complete the login process and establish a Single Sign-On SSO session. This allows a remote attacker...