CVE-2026-3047

⚠️ high

Summary

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

CVSS Score

8.8

High

EPSS Score

0.3

Exploit Probability

Published Date

2026-03-05

First Seen: 2026-03-06

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 318,071 vulnerabilities in our database.

#60,199

Top 25% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 6, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-03-26

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-305

📦 Affected Products 6

Vendor	Product	Status	Affected Versions
redhat	keycloak	Affected	v-
redhat	build_of_keycloak	Affected	v-
redhat	build_of_keycloak	Affected	v26.2
redhat	build_of_keycloak	Affected	v26.2.14
redhat	build_of_keycloak	Affected	v26.4
redhat	build_of_keycloak	Affected	v26.4.10

🔗 References 6

https://access.redhat.com/errata/RHSA-2026:3925

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3926

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3947

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3948

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2026-3047

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2441966

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	Summary	Published
CVE-2026-37977	ℹ️ low	3.7	A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vuln...	2026-04-06
CVE-2026-3121	🔶 medium	6.5	A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi...	2026-03-26
CVE-2026-3190	🔶 medium	4.3	A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to ...	2026-03-26
CVE-2026-3009	⚠️ high	8.1	A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an...	2026-03-05
CVE-2026-0871	🔶 medium	4.9	A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can vi...	2026-02-27
CVE-2025-12150	ℹ️ low	3.1	A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the co...	2026-02-27

These CVEs affect the same products