CVE-2026-2092

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak’s Security Assertion Markup Language (SAML) broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure. The vulnerable component is the SAML broker endpoint, which processes SAML responses. The attack involves crafting a malicious SAML response and injecting an encrypted assertion for an arbitrary principal.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.