CVE-2026-3009

⚠️ high

Summary

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.

CVSS Score

8.1

High

EPSS Score

0.0

Exploit Probability

Published Date

2026-03-05

First Seen: 2026-03-06

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.6% of all 318,071 vulnerabilities in our database.

#71,134

Top 25% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 6, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-03-24

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE IDs (Weakness Types)

CWE-863

📦 Affected Products 6

Vendor	Product	Status	Affected Versions
redhat	jboss_enterprise_application_platform	Affected	v8.0
redhat	single_sign-on	Affected	v7.0
redhat	jboss_enterprise_application_platform_expansion_pack	Affected	v-
redhat	build_of_keycloak	Affected	v-
redhat	build_of_keycloak	Affected	v26.4
redhat	build_of_keycloak	Affected	v26.4.10

🔗 References 4

https://access.redhat.com/errata/RHSA-2026:3947

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3948

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2026-3009

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2441867

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-37977	ℹ️ low	3.7	0.0	A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vuln...	2026-04-06
CVE-2026-28367	⚠️ high	8.7	0.0	A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block ter...	2026-03-27
CVE-2026-28368	⚠️ high	8.7	0.1	A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ...	2026-03-27
CVE-2026-28369	⚠️ high	8.7	0.1	A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more...	2026-03-27
CVE-2026-3121	🔶 medium	6.5	0.0	A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi...	2026-03-26
CVE-2026-3190	🔶 medium	4.3	0.0	A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to ...	2026-03-26

These CVEs affect the same products