CVE-2026-2603 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the…
High CVSS: 8.1

CVE-2026-2603

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
Vendor
-
Product
-
CWE
CWE-306
Yayın Tarihi
2026-03-18 02:16:24
Güncelleme
2026-03-18 15:16:30
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-306 HIGH 2026

Referanslar

https://access.redhat.com/errata/RHSA-2026:3925 https://access.redhat.com/errata/RHSA-2026:3926 https://access.redhat.com/errata/RHSA-2026:3947 https://access.redhat.com/errata/RHSA-2026:3948 https://access.redhat.com/security/cve/CVE-2026-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2440300 https://bugzilla.redhat.com/show_bug.cgi?id=2440300