4149 matches found
CVE-2026-2603
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider IdP to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity...
CVE-2026-2092
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2603 Keycloak: keycloak: unauthorized authentication via disabled saml identity provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider IdP to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity...
CVE-2026-2603 Keycloak: keycloak: unauthorized authentication via disabled saml identity provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider IdP to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity...
CVE-2026-2603
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider IdP to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity...
CVE-2026-2603
CVE-2026-2603 affects Keycloak: an attacker can bypass security by sending a valid SAML response from an external IdP to the Keycloak SAML endpoint for IdP-initiated broker logins, enabling unauthorized authentication. The issue is described across multiple sources (NVD/EUVD/GHSA) with a CVSS v3....
CVE-2026-2092
Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...
CVE-2026-2092
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...
Keycloak 代码问题漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has code-related vulnerabilities; these vulnerabilities stem from improper handling of client configuration requests through HTTP redirection, which may lead to information leaks and internal...
PT-2026-25968
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A security bypass exists in Keycloak where a remote attacker can circumvent security measures by submitting a valid Security Assertion Markup Language SAML response from an external Identity...
PT-2026-26027
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where an unauthenticated remote attacker can trigger an application-level Denial of Service DoS by sending a highly compressed SAMLRequest through the SAML Redirect...
PT-2026-26028
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak, an identity and access management solution, where it incorrectly handles HTTP redirects when processing specific client configuration requests. This allows an...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML proxy endpoint failing to properly verify encrypted assertions. This vulnerability may lead to unauthorized access and information leakage...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML endpoint not verifying the status of external identity Providers. This could lead to bypassing security controls and performing unauthorized...
PT-2026-25967
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s Security Assertion Markup Language SAML broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of enforcement of size limits in SAML redirection bindings. This vulnerability may lead to application-level denial-of-service attacks...
Exposure of Resource to Wrong Sphere
Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthoriz...
BIT-PARSE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token...