Bypass in Client Policies of Keycloak by Red Hat
CVE-2026-16093
5.4MEDIUM
What is CVE-2026-16093?
A vulnerability exists in Keycloak's Client Policies feature, enabling an attacker with valid client credentials to bypass the requirement for signed JWTs. This flaw allows attackers to authenticate with unsigned assertion headers, effectively misleading the system into accepting the assertions as valid. Consequently, this could result in the use of less secure authentication methods, despite security policies enforced by system administrators.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.