Keycloak SAML Identity Provider Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Keycloak. A remote attacker can exploit this flaw by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint designated for IdP-initiated broker logins. This allows the attacker to bypass security controls and complete broker logins even when the SAML Identity Provider is disabled, resulting in unauthorized authentication.

Impact

Exploiting this vulnerability allows for unauthorized authentication through disabled SAML Identity Providers via IdP-initiated broker logins.

Reproduction

To reproduce this vulnerability, target a Keycloak instance with a disabled SAML Identity Provider. Generate a valid SAML response from an external IdP and send it to the Keycloak SAML endpoint for IdP-initiated broker logins.

Remediation

Users can upgrade to the Red Hat build of Keycloak 26.2.14 or 26.4.10, both of which include a fix for this vulnerability.
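Until the upgrade is rolled out, operators need to know which realms still carry a SAML broker in the disabled state this advisory concerns. The following audit script is an added example and not part of the advisory or of Keycloak itself; it uses the standard Keycloak Admin REST API (admin-cli password grant, realm and identity-provider listing) and assumes placeholder values for the server URL and admin credentials.

```python
import json
import urllib.parse
import urllib.request

# Assumed deployment values (placeholders, not taken from the advisory).
KEYCLOAK_URL = "https://keycloak.example.internal"
ADMIN_USER = "admin"
ADMIN_PASSWORD = "CHANGE_ME"

# Constructed sample of IdentityProviderRepresentation objects, as returned by
# GET /admin/realms/{realm}/identity-provider/instances, for an offline demo.
SAMPLE_IDPS = [
    {"alias": "corp-saml", "providerId": "saml", "enabled": False},
    {"alias": "partner-saml", "providerId": "saml", "enabled": True},
    {"alias": "google", "providerId": "google", "enabled": False},
    {"alias": "legacy-saml", "providerId": "saml", "enabled": False},
]


def admin_token(base_url, username, password):
    """Obtain an access token via the built-in admin-cli client (password grant)."""
    form = urllib.parse.urlencode({"client_id": "admin-cli", "grant_type": "password",
                                   "username": username, "password": password}).encode()
    req = urllib.request.Request(f"{base_url}/realms/master/protocol/openid-connect/token", data=form)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def admin_get(base_url, token, path):
    """GET a JSON resource below /admin/ with the bearer token."""
    req = urllib.request.Request(f"{base_url}/admin/{path}", headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def disabled_saml_idps(idps):
    """Aliases of SAML brokers that are configured but disabled (providerId 'saml', enabled false)."""
    return sorted(idp["alias"] for idp in idps
                  if idp.get("providerId") == "saml" and not idp.get("enabled", True))


def audit(base_url, username, password):
    """Map each realm to its disabled SAML brokers; realms with no findings are omitted."""
    token = admin_token(base_url, username, password)
    findings = {}
    for realm in admin_get(base_url, token, "realms"):
        name = realm["realm"]
        hits = disabled_saml_idps(admin_get(base_url, token, f"realms/{name}/identity-provider/instances"))
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Offline demo on the constructed sample; run audit(KEYCLOAK_URL, ADMIN_USER, ADMIN_PASSWORD) for a live server.
    print("disabled SAML brokers in sample:", disabled_saml_idps(SAMPLE_IDPS))
```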

Added: Mar 18, 2026, 2:20 AM
Updated: Mar 18, 2026, 2:20 AM

Vulnerability Rating (Custom Algorithm)

spread: 5.2
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 4.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.