Lucene search

14 matches found

Cvelist (added 2026/03/18 1:14 a.m., 22 views)

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted SAML assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

CVSS 7.7 | EPSS 0.00105
Exploits: 0 | References: 6
EUVD (added 2026/03/05 9:30 p.m., 3 views)

EUVD-2026-9864

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker...

CVSS 8.8 | AI score 5.9 | EPSS 0.00446
Exploits: 0 | References: 7
Snyk (added 2026/03/05 9:30 p.m., 1 view)

Authentication Bypass by Primary Weakness

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when a disabled SAML client is configured as an Identity Provider...

CVSS 8.8 | AI score 5.8 | EPSS 0.00446
Exploits: 0 | References: 2
CVE (added 2026/03/05 6:28 p.m., 20 views)

CVE-2026-3047

A flaw in Keycloak's SAML broker (org.keycloak.broker.saml) allows a disabled SAML client, when configured as an IdP-initiated broker landing target, to complete the login flow and establish an SSO session. This can let a remote attacker access other enabled clients without re-authenticating, eff...

CVSS 8.8 | AI score 5.9 | EPSS 0.00446
Exploits: 0 | References: 6 | Affected software: 2
ATTACKERKB (added 2026/03/05 6:28 p.m., 5 views)

CVE-2026-3047

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker...

CVSS 8.8 | AI score 5.9 | EPSS 0.00446
Exploits: 0 | References: 7
Positive Technologies (added 2026/03/05 12:00 a.m., 4 views)

PT-2026-23494

Name of the vulnerable software and affected versions: Keycloak (affected versions not specified). Description: A security issue exists in org.keycloak.broker.saml. Specifically, a disabled Security Assertion Markup Language (SAML) client configured as an Identity Provider (IdP)-initiated broker landing...

CVSS 8.8 | AI score 5.8 | EPSS 0.00446
Exploits: 0 | References: 16
EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2018-0810

Malware in sbrugna...

CVSS 8.1 | AI score 6.6 | EPSS 0.00301
Exploits: 0 | References: 7
EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2019-0650

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00136
Exploits: 0 | References: 6
RedHat Linux (added 2019/08/13 8:26 p.m., 3 views)

keycloak: SAML broker does not check existence of signature on document allowing any user impersonation

It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the signature sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to...

CVSS 8.1 | AI score 5.7 | EPSS 0.00136
Exploits: 0 | References: 4
CNVD (added 2018/12/04 12:00 a.m., 2 views)

Red Hat keycloak denial of service vulnerability

Red Hat keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in the SAML broker consumer endpoint in versions prior to Red Hat keycloak 4.6.0.Final, which stems from a...

CVSS 8.1 | AI score 6.6 | EPSS 0.00301
Exploits: 0 | References: 1
NVD (added 2018/11/30 1:29 p.m., 32 views)

CVE-2018-14637

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...

CVSS 8.1 | AI score 6.5 | EPSS 0.00301
Exploits: 0 | References: 1
Prion (added 2018/11/30 1:29 p.m., 18 views)

Design/Logic Flaw

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...

CVSS 6.8 | AI score 7.8 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected software: 1
RedhatCVE (added 2018/11/27 8:49 p.m., 27 views)

CVE-2018-14637

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...

CVSS 8.1 | AI score 3.7 | EPSS 0.00301
Exploits: 0 | References: 2
RedHat Linux (added 2018/11/13 6:20 p.m., 3 views)

keycloak: expiration not validated in SAML broker consumer endpoint

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...

CVSS 8.1 | AI score 5.8 | EPSS 0.00301
Exploits: 0 | References: 4
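Three of the entries in this listing describe message-level checks a SAML broker skipped: accepting a Response whose signature sections were removed (the 2019 "does not check existence of signature" entry), ignoring the Conditions time window so an old assertion can be replayed (CVE-2018-14637), and not properly validating encrypted assertions when the surrounding Response is unsigned (CVE-2026-2092). The block below is an added example, written in Python rather than Keycloak's Java and not taken from Keycloak or any of the listed sources; it shows the structural preconditions an SP or broker should enforce before trusting an assertion. The namespace URIs are the standard SAML 2.0 and XML-DSig ones; the 60-second clock skew, the `SAMPLE_NOW` timestamp, the `build_response` helper and every XML sample it produces are constructed for the demonstration. Cryptographic verification of `ds:Signature` is deliberately left to an XML-DSig library; this code only decides whether there is a signature to verify and whether the assertion is inside its validity window.

```python
"""Structural checks a SAML SP or broker must run on an inbound samlp:Response.

Added example (Python, not Keycloak's code). Signature verification itself is left to
an XML-DSig library; these checks cover signature presence, Conditions and replay.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CLOCK_SKEW = timedelta(seconds=60)  # assumed tolerance for IdP/SP clock drift
SAMPLE_NOW = datetime(2026, 3, 5, 21, 30, tzinfo=timezone.utc)  # fixed "now" for the demo


def _parse_time(value: str) -> datetime:
    """SAML timestamps are xs:dateTime in UTC, e.g. 2026-03-05T21:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(xml_bytes: bytes, now: datetime, seen_ids: set[str]) -> list[str]:
    """Return the reasons to reject; an empty list means every check passed.

    seen_ids is the caller's replay cache of accepted assertion IDs. Entries may be
    evicted once their NotOnOrAfter has passed, because the time check then rejects them.
    """
    problems: list[str] = []
    root = ET.fromstring(xml_bytes)  # expat does not fetch external entities
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["root element is not samlp:Response"]

    response_signed = root.find("ds:Signature", NS) is not None
    assertions = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    if not assertions and not encrypted:
        problems.append("response carries no assertion")
    # An EncryptedAssertion can only be inspected after decryption. With no signature
    # over the Response, nothing yet binds that ciphertext to this message, so the
    # decrypted assertion must carry its own signature before it is trusted.
    if encrypted and not response_signed:
        problems.append("encrypted assertion in unsigned response: "
                        "require a signed assertion after decryption")

    for a in assertions:
        aid = a.get("ID", "<missing ID>")
        # Missing-signature check: a signature must exist on the Response or the Assertion.
        if not response_signed and a.find("ds:Signature", NS) is None:
            problems.append(f"assertion {aid}: no signature on assertion or response")
        cond = a.find("saml:Conditions", NS)
        if cond is None:
            problems.append(f"assertion {aid}: no Conditions element")
        else:
            nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
            # NotBefore is inclusive, NotOnOrAfter is exclusive (SAML Core, Conditions).
            if nb is not None and now + CLOCK_SKEW < _parse_time(nb):
                problems.append(f"assertion {aid}: not yet valid (NotBefore={nb})")
            if noa is None:
                problems.append(f"assertion {aid}: no NotOnOrAfter, it would never expire")
            elif now - CLOCK_SKEW >= _parse_time(noa):
                problems.append(f"assertion {aid}: expired (NotOnOrAfter={noa})")
        if aid in seen_ids:
            problems.append(f"assertion {aid}: replayed")

    if not problems:  # remember accepted IDs so the same assertion is not accepted twice
        seen_ids.update(a.get("ID") for a in assertions if a.get("ID"))
    return problems


def build_response(*, response_signed: bool, assertion_signed: bool, not_before: str,
                   not_on_or_after: str | None, encrypted: bool = False) -> bytes:
    """Constructed sample Response (not a captured message); signatures are placeholders."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignatureValue>ZHVtbXk=</ds:SignatureValue></ds:Signature>')
    response_sig = sig if response_signed else ""
    assertion_sig = sig if assertion_signed else ""
    noa = f' NotOnOrAfter="{not_on_or_after}"' if not_on_or_after else ""
    if encrypted:
        body = ('<saml:EncryptedAssertion><xenc:EncryptedData '
                'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>')
    else:
        body = ('<saml:Assertion ID="_a1" Version="2.0">'
                f'<saml:Issuer>https://idp.example.test</saml:Issuer>{assertion_sig}'
                '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
                f'<saml:Conditions NotBefore="{not_before}"{noa}/></saml:Assertion>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="_r1" Version="2.0">{response_sig}{body}</samlp:Response>').encode()


if __name__ == "__main__":
    cache: set[str] = set()
    good = build_response(response_signed=True, assertion_signed=False,
                          not_before="2026-03-05T21:29:00Z", not_on_or_after="2026-03-05T21:35:00Z")
    print("signed, in window:", check_response(good, SAMPLE_NOW, cache))
    print("same assertion again:", check_response(good, SAMPLE_NOW, cache))
    stripped = build_response(response_signed=False, assertion_signed=False,
                              not_before="2026-03-05T21:29:00Z", not_on_or_after="2026-03-05T21:35:00Z")
    print("signature removed:", check_response(stripped, SAMPLE_NOW, cache))
```

The order matters in practice: signature presence and the Conditions window are checked on the parsed document before any attribute is read, the replay cache is keyed on the assertion ID and only updated when all checks pass, and an `EncryptedAssertion` inside an unsigned Response is not accepted on the strength of the outer message at all; after decryption the inner assertion is fed back through the same checks, where the assertion-level signature requirement applies.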