← Zuruck zu CVEs
CVE-2026-2603
HIGH8.1
Beschreibung
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
CVE Details
CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht3/18/2026
Zuletzt geandert3/18/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-306
Referenzen
https://access.redhat.com/errata/RHSA-2026:3925(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:3926(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:3947(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2026:3948(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2026-2603(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2440300(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2440300(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.