CVE-2026-3047
CVE-2026-3047
8.8
HighPublished:
Last updated:
Source:secalert@redhat.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.
References
secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:3925secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:3926secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:3947secalert@redhat.com
https://access.redhat.com/errata/RHSA-2026:3948secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2026-3047secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2441966