File: advisories/github-reviewed/2026/03/GHSA-8cr3-vpxx-92cx/GHSA-8cr3-vpxx-92cx.json
Lines changed: 34 additions & 5 deletions
@@ -1,19 +1,40 @@
1
1
{
2
2
"schema_version": "1.4.0",
3
3
"id": "GHSA-8cr3-vpxx-92cx",
4
-
"modified": "2026-03-05T21:30:48Z",
4
+
"modified": "2026-03-06T22:32:21Z",
5
5
"published": "2026-03-05T21:30:48Z",
6
6
"aliases": [
7
7
"CVE-2026-3047"
8
8
],
9
-
"details": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.",
9
+
"summary": "Keycloak SAML Broken has Authentication Bypass by Primary Weakness",
10
+
"details": "A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.\n\nA fix is available at https://github.com/keycloak/keycloak/releases/tag/26.5.5.",
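Review bot: the added "summary" line reads "Keycloak SAML Broken has Authentication Bypass by Primary Weakness"; "Broken" looks like a typo for "Broker", since the affected package named in "details" is org.keycloak.broker.saml and the flaw concerns the IdP-initiated broker landing flow, so the summary should read "Keycloak SAML Broker has Authentication Bypass by Primary Weakness" before this is published (the summary is the headline most consumers see). Separately, the fix is only recorded as prose appended to "details" (https://github.com/keycloak/keycloak/releases/tag/26.5.5); under schema_version 1.4.0 the fixed version should also appear as a "fixed" event in the advisory's affected ranges if that is not already part of this change, because matching tools read the structured range, not the free-text details.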