{ "threat_severity" : "Important", "public_date" : "2026-03-05T12:34:00Z", "bugzilla" : { "description" : "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions", "id" : "2437296", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2437296" }, "cvss3" : { "cvss3_base_score" : "7.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-1287", "details" : [ "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.", "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure." ], "statement" : "The issue is rated as important severity. A flaw in Red Hat Build of Keycloak's SAML broker endpoint allows unauthorized access. When the overall SAML response is not signed, an attacker with a valid signed SAML assertion can craft a malicious response to inject an encrypted assertion for an arbitrary principal. This leads to unauthorized access and potential information disclosure.", "acknowledgement" : "Red Hat would like to thank Oleh Konko for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat build of Keycloak 26.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3925", "cpe" : "cpe:/a:redhat:build_keycloak:26.2::el9", "package" : "rhbk/keycloak-operator-bundle:26.2.14-1" }, { "product_name" : "Red Hat build of Keycloak 26.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3925", "cpe" : "cpe:/a:redhat:build_keycloak:26.2::el9", "package" : "rhbk/keycloak-rhel9:26.2-16" }, { "product_name" : "Red Hat build of Keycloak 26.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3925", "cpe" : "cpe:/a:redhat:build_keycloak:26.2::el9", "package" : "rhbk/keycloak-rhel9-operator:26.2-16" }, { "product_name" : "Red Hat build of Keycloak 26.2.14", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3926", "cpe" : "cpe:/a:redhat:build_keycloak:26.2::el9", "package" : "rhbk/keycloak-rhel9" }, { "product_name" : "Red Hat build of Keycloak 26.4", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3948", "cpe" : "cpe:/a:redhat:build_keycloak:26.4::el9", "package" : "rhbk/keycloak-operator-bundle:26.4.10-1" }, { "product_name" : "Red Hat build of Keycloak 26.4", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3948", "cpe" : "cpe:/a:redhat:build_keycloak:26.4::el9", "package" : "rhbk/keycloak-rhel9:26.4-12" }, { "product_name" : "Red Hat build of Keycloak 26.4", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3948", "cpe" : "cpe:/a:redhat:build_keycloak:26.4::el9", "package" : "rhbk/keycloak-rhel9-operator:26.4-12" }, { "product_name" : "Red Hat build of Keycloak 26.4.10", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3947", "cpe" : "cpe:/a:redhat:build_keycloak:26.4::el9", "package" : "rhbk/keycloak-rhel9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-2092\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2092" ], "name" : "CVE-2026-2092", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }