CVE-2026-2603

HIGH EPSS 32.3%

Published Mar 18, 20263mo ago · Modified Jun 17, 20261w ago

8.1 CVSS 3.1

High

Published Mar 18, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

CVSS Details

Base Score

8.1

Exploitability

2.8

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

32.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

References 6

access.redhat.com https://access.redhat.com/errata/RHSA-2026:3925
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3926
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3947
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3948
access.redhat.com https://access.redhat.com/security/cve/CVE-2026-2603
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2440300

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.