CVE-2026-3047 | THREATINT

Description

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

PUBLISHED Reserved 2026-02-23 | Published 2026-03-05 | Updated 2026-03-06 | Assigner redhat

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Authentication Bypass by Primary Weakness

Product status

Default status

affected

26.2.14-1 (rpm) before *

unaffected

Default status

affected

26.2-16 (rpm) before *

unaffected

Default status

affected

26.2-16 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

26.4.10-1 (rpm) before *

unaffected

Default status

affected

26.4-12 (rpm) before *

unaffected

Default status

affected

26.4-12 (rpm) before *

unaffected

Default status

unaffected

Timeline

2026-02-23:	Reported to Red Hat.
2026-03-05:	Made public.

References

access.redhat.com/errata/RHSA-2026:3925 (RHSA-2026:3925) vendor-advisory

access.redhat.com/errata/RHSA-2026:3926 (RHSA-2026:3926) vendor-advisory

access.redhat.com/errata/RHSA-2026:3947 (RHSA-2026:3947) vendor-advisory

access.redhat.com/errata/RHSA-2026:3948 (RHSA-2026:3948) vendor-advisory

access.redhat.com/security/cve/CVE-2026-3047 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2441966 (RHBZ#2441966) issue-tracking

cve.org (CVE-2026-3047)

nvd.nist.gov (CVE-2026-3047)

Download JSON

help @ threatint.eu