Security Flaw in Keycloak SAML Identity Provider Bypass
CVE-2026-3047

8.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Build Of Keycloak 26.2
Red Hat Build Of Keycloak 26.2.14
Red Hat Build Of Keycloak 26.4
Red Hat Build Of Keycloak 26.4.10
Vendor
CVE Published:
5 March 2026

What is CVE-2026-3047?

A security flaw in Keycloak's implementation of the SAML protocol allows a disabled SAML client, when improperly configured as an Identity Provider (IdP)-initiated broker landing target, to bypass authentication measures. This misconfiguration can allow a remote attacker to successfully complete the login process, thereby establishing a Single Sign-On (SSO) session without the need for re-authentication. As a result, attackers can gain unauthorized access to other enabled clients, undermining security protocols and potentially exposing sensitive information.

Affected Version(s)

Red Hat build of Keycloak 26.2 26.2.14-1

Red Hat build of Keycloak 26.2 26.2-16

Red Hat build of Keycloak 26.2 26.2-16

References

https://access.redhat.com/errata/RHSA-2026:3925
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3926
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3947
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.