VDB

CVE-2026-3047

CVE-2026-3047 PUBLISHED CVSS 8.8 HIGH

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

EPSS 0.45% · 63.7th percentile

Risk Scores

CVSS v3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.45%
63.7th percentile

Affected Products

Vendor    Product                             Versions
Red Hat   Red Hat build of Keycloak 26.4      26.4-12
Red Hat   Red Hat build of Keycloak 26.2      26.2-16
Maven     org.keycloak:keycloak-broker-saml   0
redhat    build_of_keycloak                   26.2, 26.2.14
Red Hat   Red Hat build of Keycloak 26.4      26.4.10-1
Red Hat   Red Hat build of Keycloak 26.2      26.2.14-1
redhat    keycloak
Red Hat   Red Hat build of Keycloak 26.4.10
Red Hat   Red Hat build of Keycloak 26.2.14

Timeline

  • Mar 5, 2026 CVE Published
  • Mar 5, 2026 PoC Published
  • Mar 6, 2026 CVE Updated
  • Mar 6, 2026 EPSS Score
  • Mar 6, 2026 Distribution Patch (4 entries)
  • Mar 6, 2026 Security Advisory (4 entries)