CVE-2026-2092

Published: Mar 18, 2026 Last Modified: Mar 18, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: low
Availability: low

Description

AI Translation Available

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

1287

Improper Validation of Specified Type of Input

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
https://access.redhat.com/errata/RHSA-2026:3925
https://access.redhat.com/errata/RHSA-2026:3925
https://access.redhat.com/errata/RHSA-2026:3926
https://access.redhat.com/errata/RHSA-2026:3926
https://access.redhat.com/errata/RHSA-2026:3947
https://access.redhat.com/errata/RHSA-2026:3947
https://access.redhat.com/errata/RHSA-2026:3948
https://access.redhat.com/errata/RHSA-2026:3948
https://access.redhat.com/security/cve/CVE-2026-2092
https://access.redhat.com/security/cve/CVE-2026-2092
https://bugzilla.redhat.com/show_bug.cgi?id=2437296
https://bugzilla.redhat.com/show_bug.cgi?id=2437296