PT-2026-55372 · Maven · Org.Keycloak:Keycloak-Services
Published
2026-07-02
·
Updated
2026-07-02
CVSS v3.1
7.7
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L |
Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Org.Keycloak:Keycloak-Services