Bypass in Client Policies of Keycloak by Red Hat
CVE-2026-16093

5.4MEDIUM

What is CVE-2026-16093?

A vulnerability exists in Keycloak's Client Policies feature, enabling an attacker with valid client credentials to bypass the requirement for signed JWTs. This flaw allows attackers to authenticate with unsigned assertion headers, effectively misleading the system into accepting the assertions as valid. Consequently, this could result in the use of less secure authentication methods, despite security policies enforced by system administrators.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.
.