Description

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

INFO

Published Date :

2026-03-18T01:14:48.364Z

Last Modified :

2026-03-18T14:11:08.708Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2092 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2092.

URL Resource
https://access.redhat.com/errata/RHSA-2026:3925 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3926 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3947 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:3948 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-2092 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2437296 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-2092 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-2092 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact