PT-2026-55372 · Maven · Org.Keycloak:Keycloak-Services

Published

2026-07-02

·

Updated

2026-07-02

CVSS v3.1

7.7

High

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

GHSA-794G-X443-36F7

Affected Products

Org.Keycloak:Keycloak-Services