GHSA-794g-x443-36f7HighCVSS 7.7

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

Published
July 2, 2026
Last Modified
July 2, 2026

🔗 CVE IDs covered (1)

📋 Description

Keycloak's SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response, injecting an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

🎯 Affected products3

  • maven/org.keycloak:keycloak-services:<= 26.2.5
  • maven/org.keycloak:keycloak-services:>= 26.3.0, <= 26.4.7
  • maven/org.keycloak:keycloak-services:>= 26.5.0, < 26.5.5

🔗 References (12)