GHSA-794g-x443-36f7
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
Details
Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
Are you affected?
Enter the version of the package you're using.
Affected packages
0 No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.
26.3.0 No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.
26.5.0 No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/keycloak/keycloak/security/advisories/GHSA-794g-x443-36f7 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-2092 [ADVISORY]
- https://github.com/keycloak/keycloak/pull/46929 [WEB]
- https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508 [WEB]
- https://access.redhat.com/errata/RHSA-2026:3925 [WEB]
- https://access.redhat.com/errata/RHSA-2026:3926 [WEB]
- https://access.redhat.com/errata/RHSA-2026:3947 [WEB]
- https://access.redhat.com/errata/RHSA-2026:3948 [WEB]
- https://access.redhat.com/security/cve/CVE-2026-2092 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2437296 [WEB]
- https://github.com/keycloak/keycloak [PACKAGE]
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2092.json [WEB]