PT-2026-23493 · Red Hat · Keycloak

Osidb Bzimport · Published 2026-03-05 · Updated 2026-03-08 · CVE-2026-3009

CVSS v3.1 8.1 High · Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Keycloak (affected versions not specified)
Description

A flaw exists in the IdentityBrokerService.performLogin endpoint of Keycloak: authentication can continue through an Identity Provider (IdP) after an administrator has disabled it. An attacker who knows the IdP alias can reuse a previously initiated login request to get past the administrative restriction. Because the disabled state is not enforced on this path, the bypass undermines access control and can allow unauthorized authentication through an external provider that is supposed to be switched off.
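As an added detection aid (not code from the advisory or from the Keycloak project), the following Python script shows the check a defender would run while this issue is unfixed: take the realm's identity provider list as returned by the admin REST endpoint GET /admin/realms/{realm}/identity-provider/instances (the "alias" and "enabled" fields), collect the aliases that are disabled, and flag any broker login events that still name one of those aliases. The admin API response and the event lines are constructed samples embedded inline so the script runs offline; the key=value event format is assumed to follow Keycloak's jboss-logging event listener output, so adapt parse_event to whatever your event sink actually emits.

```python
import json

# Constructed sample of what GET /admin/realms/{realm}/identity-provider/instances
# returns, reduced to the fields this check needs. Not data from a real deployment.
SAMPLE_IDP_INSTANCES = json.dumps([
    {"alias": "corp-saml", "providerId": "saml", "enabled": True},
    {"alias": "legacy-oidc", "providerId": "oidc", "enabled": False},
    {"alias": "partner-github", "providerId": "github", "enabled": False},
])

# Constructed sample event lines in the comma-separated key=value style of
# Keycloak's jboss-logging event listener (assumed format; values are made up).
SAMPLE_EVENT_LINES = """type=LOGIN, realmId=prod, clientId=portal, userId=u1, ipAddress=10.0.0.5, identity_provider=corp-saml, username=alice
type=IDENTITY_PROVIDER_LOGIN, realmId=prod, clientId=portal, userId=u2, ipAddress=10.0.0.9, identity_provider=legacy-oidc, username=bob
type=LOGIN, realmId=prod, clientId=portal, userId=u3, ipAddress=10.0.0.7, username=carol
type=IDENTITY_PROVIDER_LOGIN, realmId=prod, clientId=cli, userId=u4, ipAddress=198.51.100.4, identity_provider=partner-github, username=dave"""

# Event types that indicate a login went through the identity broker.
BROKER_EVENT_TYPES = {"LOGIN", "IDENTITY_PROVIDER_LOGIN", "IDENTITY_PROVIDER_FIRST_LOGIN"}


def disabled_aliases(instances_json):
    """Return the set of IdP aliases whose admin-side 'enabled' flag is false."""
    instances = json.loads(instances_json)
    return {idp["alias"] for idp in instances if not idp.get("enabled", True)}


def parse_event(line):
    """Split one 'k=v, k=v, ...' event line into a dict (assumed listener format)."""
    fields = {}
    for part in line.split(", "):
        key, _, value = part.partition("=")
        if key:
            fields[key.strip()] = value.strip()
    return fields


def find_disabled_idp_logins(event_text, disabled):
    """Return (type, alias, userId, ipAddress) for every broker login that names a disabled IdP.

    Any hit is a login that should not have succeeded if the disabled state were enforced.
    """
    hits = []
    for line in event_text.splitlines():
        event = parse_event(line)
        if event.get("type") not in BROKER_EVENT_TYPES:
            continue
        alias = event.get("identity_provider")
        if alias in disabled:
            hits.append((event["type"], alias, event.get("userId"), event.get("ipAddress")))
    return hits


if __name__ == "__main__":
    disabled = disabled_aliases(SAMPLE_IDP_INSTANCES)
    print("disabled IdP aliases:", sorted(disabled))
    for event_type, alias, user_id, ip in find_disabled_idp_logins(SAMPLE_EVENT_LINES, disabled):
        print(f"ALERT: {event_type} via disabled IdP '{alias}' user={user_id} ip={ip}")
```

On a live system, fetch the instances list with an admin bearer token and feed the real event stream to find_disabled_idp_logins; any hit for an alias you believe is disabled is evidence that the disabled state is not being enforced and deserves an incident review.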
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, do not treat disabling an IdP as sufficient to block logins through it, and review broker login events for any disabled IdP alias that still appears in successful authentications.

Weakness Enumeration

CWE-285 Improper Authorization
CWE-863 Incorrect Authorization

Related Identifiers

CVE-2026-3009
GHSA-M297-3JV9-M927

Affected Products

Keycloak