
Keycloak SAML Authentication Bypass by External Identity Provider

CVE-2026-2603
Summary

A flaw in Keycloak lets a remote attacker complete a brokered login through a SAML Identity Provider (IdP) that an administrator has disabled. The attacker posts a valid SAML response issued by that external IdP to Keycloak's endpoint for IdP-initiated broker logins; the disabled flag is not enforced on that path, so the response is processed and the attacker ends up with an authenticated session, leading to unauthorized access. The realistic scenario is an IdP whose assertions still validate against the stored broker configuration, for instance a partner that was offboarded or an IdP that was compromised and switched off as a stopgap. On affected versions, disabling an IdP is therefore not an effective control: accept SAML responses only from IdPs you actively trust, and remove a broker you no longer trust from the realm rather than merely disabling it.

Original description
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
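The advisory's point is that a "disabled" SAML broker can still produce successful broker logins. One practical check while this is unpatched is to inventory the realm's disabled SAML IdPs and then flag any broker login events that name one of them. The following is example code added here, not Keycloak's own code or an official detection rule. It assumes the JSON shape returned by the admin API endpoint `identity-provider/instances` (alias, providerId, enabled) and the key=value line format written by Keycloak's jboss-logging event listener; both the IdP list and the log lines below are constructed sample data.

```python
"""
Detection helper for CVE-2026-2603: flag brokered logins whose
identity_provider is a SAML IdP that the realm has marked enabled=false.
Example code written for this page; not part of Keycloak. The admin API
response and the event log lines are constructed sample data.
"""
import json
import re
from typing import Dict, List

# Constructed sample of GET /admin/realms/{realm}/identity-provider/instances,
# reduced to the fields used here.
SAMPLE_IDP_INSTANCES = json.dumps([
    {"alias": "corp-saml", "providerId": "saml", "enabled": False,
     "config": {"singleSignOnServiceUrl": "https://idp.example.test/sso"}},
    {"alias": "partner-saml", "providerId": "saml", "enabled": True,
     "config": {"singleSignOnServiceUrl": "https://partner.example.test/sso"}},
    {"alias": "github", "providerId": "github", "enabled": False, "config": {}},
])

# Constructed sample of the jboss-logging event listener output
# (category org.keycloak.events, comma-separated key=value pairs).
SAMPLE_EVENT_LOG = """\
2026-03-18 10:01:02,115 WARN  [org.keycloak.events] type=IDENTITY_PROVIDER_LOGIN, realmId=acme, clientId=account-console, userId=7d1f4c2e-0001, ipAddress=203.0.113.7, identity_provider=corp-saml, identity_provider_identity=alice@example.test
2026-03-18 10:01:40,331 WARN  [org.keycloak.events] type=IDENTITY_PROVIDER_LOGIN, realmId=acme, clientId=portal, userId=9a2c7b10-0002, ipAddress=198.51.100.9, identity_provider=partner-saml, identity_provider_identity=bob@partner.test
2026-03-18 10:02:11,004 WARN  [org.keycloak.events] type=LOGIN, realmId=acme, clientId=portal, userId=11aa33bb-0003, ipAddress=198.51.100.9, username=carol
2026-03-18 10:03:55,770 WARN  [org.keycloak.events] type=IDENTITY_PROVIDER_FIRST_LOGIN, realmId=acme, clientId=portal, userId=5e6f7a8b-0004, ipAddress=203.0.113.7, identity_provider=corp-saml, identity_provider_identity=mallory@example.test
"""

# Event types that indicate a login went through a broker.
BROKER_EVENT_TYPES = {
    "IDENTITY_PROVIDER_LOGIN",
    "IDENTITY_PROVIDER_FIRST_LOGIN",
    "IDENTITY_PROVIDER_RESPONSE",
}

_KV = re.compile(r"(\w+)=([^,]*)")


def disabled_saml_idps(instances_json: str) -> Dict[str, dict]:
    """Map alias -> IdP representation for SAML brokers with enabled=false."""
    return {
        idp["alias"]: idp
        for idp in json.loads(instances_json)
        if idp.get("providerId") == "saml" and not idp.get("enabled", True)
    }


def parse_event(line: str) -> Dict[str, str]:
    """Parse the key=value pairs that follow '[org.keycloak.events]'.

    The timestamp prefix (which itself contains a comma) is discarded before
    splitting, so only the event attributes are returned.
    """
    _, _, body = line.partition("[org.keycloak.events]")
    return {key: value.strip() for key, value in _KV.findall(body)}


def suspicious_broker_logins(log_text: str,
                             disabled: Dict[str, dict]) -> List[Dict[str, str]]:
    """Return broker login events that name a disabled SAML IdP.

    Any hit is a login that the 'disabled' flag should have prevented and is
    worth investigating as a possible exploitation of CVE-2026-2603.
    """
    hits = []
    for line in log_text.splitlines():
        if "[org.keycloak.events]" not in line:
            continue
        event = parse_event(line)
        if (event.get("type") in BROKER_EVENT_TYPES
                and event.get("identity_provider") in disabled):
            hits.append(event)
    return hits


if __name__ == "__main__":
    disabled = disabled_saml_idps(SAMPLE_IDP_INSTANCES)
    for hit in suspicious_broker_logins(SAMPLE_EVENT_LOG, disabled):
        print(f"{hit['type']} via disabled IdP {hit['identity_provider']}: "
              f"{hit.get('identity_provider_identity')} from {hit['ipAddress']}")
```

In a real deployment, replace `SAMPLE_IDP_INSTANCES` with the output of `kcadm.sh get identity-provider/instances -r <realm>` and `SAMPLE_EVENT_LOG` with the server log; the check assumes the jboss-logging event listener is enabled and writes successful login events at a level that reaches the log. A hit does not by itself prove exploitation (an operator may have disabled the IdP after a legitimate session started), but any broker login that post-dates the disable action is exactly the condition this CVE describes.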
NVD CVSS 3.1 base score: 8.1
Vulnerability type
CWE-306 Missing Authentication for Critical Function
Published: 18 Mar 2026 · Updated: 18 Mar 2026 · First seen: 18 Mar 2026