CVE-2026-2603

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A security bypass exists in Keycloak where a remote attacker can circumvent security measures by submitting a valid Security Assertion Markup Language (SAML) response from an external Identity Provider (IdP) to the Keycloak SAML endpoint. This occurs during IdP-initiated broker logins, allowing attackers to complete logins even when the SAML Identity Provider is disabled, resulting in unauthorized authentication. The affected API endpoint is the Keycloak SAML endpoint. The vulnerability involves manipulating the SAML response to bypass authentication checks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.