SAML Assertion Validation Flaw in Keycloak by Red Hat
CVE-2026-2092
7.7 HIGH
Key Information:
- Vendor: Red Hat
- Status:
- CVE Published: 18 March 2026
What is CVE-2026-2092?
A significant security flaw has been identified in Keycloak's Security Assertion Markup Language (SAML) broker endpoint. The vulnerability stems from improper validation of encrypted assertions when the enclosing SAML response is itself unsigned. An attacker who already holds a valid signed SAML assertion can exploit this by manipulating a SAML response so that it carries an encrypted assertion for an arbitrary principal. Successful exploitation may lead to unauthorized access and the disclosure of sensitive information.
Affected Version(s)
- Red Hat build of Keycloak 26.2, 26.2.14-1
- Red Hat build of Keycloak 26.2, 26.2-16
CVSS v3.1
- Score: 7.7
- Severity: HIGH
- Confidentiality: High
- Integrity: Low
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
- Vulnerability published
- Vulnerability reserved
Credit
Red Hat would like to thank Oleh Konko for reporting this issue.