CVE-2026-1190
Summary: CVE-2026-1190 affects Keycloak when used as a SAML client; it fails to validate the NotOnOrAfter timestamp in SubjectConfirmationData, allowing an attacker to delay SAML response expiration and potentially extend valid session duration. What’s affected: Keycloak’s SAML brokering function...