Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
GHSA-WMXR-6J5F-838P Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2092
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2092
Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML proxy endpoint failing to properly verify encrypted assertions. This vulnerability may lead to unauthorized access and information leakage...
PT-2026-25967
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak's Security Assertion Markup Language (SAML) broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...
keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.14 Update
New Red Hat build of Keycloak 26.2.14 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.14 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
CVE-2024-9487
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be...
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior...
PT-2024-33706 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server (affected versions not specified). Description: The issue affects instances with SAML SSO and encrypted assertions, allowing an attacker to forge a SAML response and gain admin privileges and unrestricted access to the...
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with...
CVE-2024-4985
The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...
PT-2024-5050 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13.0; GitHub Enterprise Server version 3.9.15; GitHub Enterprise Server version 3.10.12; GitHub Enterprise Server version 3.11.10; GitHub Enterprise Server version 3.12.4. Description: An authentication...
GHSA-MFCP-34XW-P57X Authentication Bypass in saml2-js
Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation: Upgrade to version 2.0.5 or later...