{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2092", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-06T10:28:15.411Z", "datePublished": "2026-03-18T01:14:48.364Z", "dateUpdated": "2026-03-18T14:11:08.708Z"}, "containers": {"cna": {"title": "Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.2.14-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.2-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.2-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.4.10-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.4-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.4-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3925", "name": "RHSA-2026:3925", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3926", "name": "RHSA-2026:3926", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3947", "name": "RHSA-2026:3947", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3948", "name": "RHSA-2026:3948", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2092", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "name": "RHBZ#2437296", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-05T12:34:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1287: Improper Validation of Specified Type of Input", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2026-02-06T10:25:16.675Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-05T12:34:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Oleh Konko for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-18T01:14:48.364Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:10:59.125692Z", "id": "CVE-2026-2092", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:11:08.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:10:59.125692Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:11:03.636Z"}}], "cna": {"title": "Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions", "credits": [{"lang": "en", "value": "Red Hat would like to thank Oleh Konko for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2.14-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2.14", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4.10-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.10", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-06T10:25:16.675Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-05T12:34:00.000Z", "value": "Made public."}], "datePublic": "2026-03-05T12:34:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3925", "name": "RHSA-2026:3925", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3926", "name": "RHSA-2026:3926", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3947", "name": "RHSA-2026:3947", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3948", "name": "RHSA-2026:3948", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2092", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "name": "RHBZ#2437296", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-18T01:14:48.364Z"}, "x_redhatCweChain": "CWE-1287: Improper Validation of Specified Type of Input"}}, "cveMetadata": {"cveId": "CVE-2026-2092", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:11:08.708Z", "dateReserved": "2026-02-06T10:28:15.411Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-18T01:14:48.364Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. El endpoint del broker de Security Assertion Markup Language (SAML) de Keycloak no valida correctamente las aserciones cifradas cuando la respuesta SAML general no est\u00e1 firmada. Un atacante con una aserci\u00f3n SAML firmada v\u00e1lida puede explotar esto al crear una respuesta SAML maliciosa. Esto permite al atacante inyectar una aserci\u00f3n cifrada para un principal arbitrario, lo que lleva a un acceso no autorizado y a una potencial revelaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2026-2092", "lastModified": "2026-03-18T14:52:44.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.3, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-03-18T02:16:24.577", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3925"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3926"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3947"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:3948"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-2092"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Oleh Konko for reporting this issue.", "affected_release": [{"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-operator-bundle:26.2.14-1", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9:26.2-16", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9-operator:26.2-16", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3926", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9", "product_name": "Red Hat build of Keycloak 26.2.14", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-container-26.4-12", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-operator-bundle-container-26.4.10-1", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-operator-container-26.4-12", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3947", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "rhbk/keycloak-rhel9", "product_name": "Red Hat build of Keycloak 26.4.10", "release_date": "2026-03-05T00:00:00Z"}], "bugzilla": {"description": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions", "id": "2437296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-1287", "details": ["No description is available for this CVE."], "name": "CVE-2026-2092", "public_date": "2026-03-05T12:34:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2092\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2092"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "build_keycloak", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-04-16T02:44:26.951345+00:00", "value": {"mitigation_remediation": ["Apply the Red\u00a0Hat Security Advisory RHSA\u20112026:3925, RHSA\u20112026:3926, RHSA\u20112026:3947, or RHSA\u20112026:3948 to update Keycloak to a patched version.", "Configure Keycloak to require that all SAML responses be signed by the identity provider and reject unsigned or improperly signed responses.", "Restrict network access to the Keycloak SAML broker endpoint, allowing only trusted identity providers to send assertions."], "summary": {"action": "Patch now", "impact": "Unauthorized access"}, "threat_synthesis": {"affected_systems": "The flaw affects Red\u00a0Hat build of Keycloak versions 26.2, 26.2.14, 26.4, and 26.4.10. Customers using these builds on Red\u00a0Hat Enterprise Linux\u00a09 are at risk.", "description_and_impact": "Keycloak's SAML broker endpoint fails to validate encrypted assertions when the overall SAML response is not signed. An attacker who already possesses a signed SAML assertion can forge a SAML response that includes a maliciously encrypted assertion for an arbitrary user. This allows the attacker to impersonate that user and access resources or data for which the user has privileges, potentially revealing sensitive information.", "risk_and_exploitability": "With a CVSS score of 7.7 and an EPSS of less than 1\u202f%, the vulnerability is considered high severity but unlikely to be widely exploited at present. The CVE is not listed in the CISA KEV catalog. The exploit requires network access to the SAML broker endpoint and the ability to craft a signed but malformed SAML response, making the attack vector remote and feasible against publicly exposed Keycloak instances."}}}}, "created": "2026-03-06T15:18:27.041589+00:00", "updated": "2026-04-16T02:45:06.092000+00:00", "vendors": ["redhat", "redhat$PRODUCT$build_keycloak"]}