CVE-2026-3047

Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login

Description

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

INFO

Published Date :

2026-03-05T18:28:36.337Z

Last Modified :

2026-03-06T18:13:14.612Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2026-3047 vulnerability.

Vendors	Products
Red Hat	Red Hat Build Of Keycloak 26.2 Red Hat Build Of Keycloak 26.2.14 Red Hat Build Of Keycloak 26.4 Red Hat Build Of Keycloak 26.4.10
Redhat	Build Keycloak Build Of Keycloak Keycloak

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-3047.

URL	Resource
https://access.redhat.com/errata/RHSA-2026:3925
https://access.redhat.com/errata/RHSA-2026:3926
https://access.redhat.com/errata/RHSA-2026:3947
https://access.redhat.com/errata/RHSA-2026:3948
https://access.redhat.com/security/cve/CVE-2026-3047
https://bugzilla.redhat.com/show_bug.cgi?id=2441966
https://nvd.nist.gov/vuln/detail/CVE-2026-3047
https://www.cve.org/CVERecord?id=CVE-2026-3047

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact