CVE-2026-3047: Authentication Bypass by Primary Weakness in Red Hat build of Keycloak

Severity: 8.8 HIGH (NVD)
EPSS: 0.5% (top 33.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: Red Hat build of Keycloak
Timeline: Published 2026-03-05

Description

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as the landing target of an Identity Provider (IdP)-initiated brokered login, the login still completes and Keycloak establishes a Single Sign-On (SSO) session, even though the client is disabled. A remote attacker can then use that session to reach other, enabled clients in the realm without re-authenticating, bypassing the restriction that disabling the client was meant to enforce. The CVSS vector's PR:L indicates the attacker needs some low-privilege access first, which fits an attacker who can authenticate at the external IdP and start the IdP-initiated flow.
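As an added audit check (not code from this page or from the Keycloak project), the Python below lists the SAML clients in a realm that match the configuration the advisory describes: disabled (`enabled=false`) yet still carrying the Keycloak client attribute `saml_idp_initiated_sso_url_name`, which is what makes a client addressable as an IdP-initiated landing target. It runs offline on constructed ClientRepresentation samples; `fetch_clients` shows how the same list is pulled from the admin REST API with a bearer token. The broker landing-URL layout in `landing_urls` and the attribute-clearing interim workaround in `strip_landing_target` are my assumptions, not steps the advisory lists; the actual fix is the vendor patch.

```python
"""Audit helper for the CVE-2026-3047 configuration pattern (added example,
not Keycloak project code).

Flags SAML clients that are disabled (enabled=false) yet still carry the
Keycloak client attribute 'saml_idp_initiated_sso_url_name'. Per the
advisory, such a client can still act as an IdP-initiated broker landing
target and complete a login that yields an SSO session.
"""
import json
import urllib.request

# Real Keycloak SAML client attribute: the last path segment a SAML IdP uses
# to target this client in an IdP-initiated flow.
IDP_INIT_ATTR = "saml_idp_initiated_sso_url_name"


def find_exposed_clients(clients):
    """Return [(clientId, url_name)] for every SAML client that is disabled
    but still configured with an IdP-initiated SSO URL name."""
    exposed = []
    for client in clients:
        if client.get("protocol") != "saml":
            continue  # the flaw is in the SAML broker path only
        attrs = client.get("attributes") or {}
        url_name = (attrs.get(IDP_INIT_ATTR) or "").strip()
        if url_name and client.get("enabled", True) is False:
            exposed.append((client["clientId"], url_name))
    return exposed


def landing_urls(base_url, realm, broker_alias, exposed):
    """Broker endpoint URLs an IdP-initiated login would land on for each
    exposed client. The path layout is an assumption for illustration
    (Keycloak's SAML broker exposes .../broker/<alias>/endpoint/clients/<name>);
    use them for negative testing after applying the vendor fix."""
    return [f"{base_url.rstrip('/')}/realms/{realm}/broker/{broker_alias}"
            f"/endpoint/clients/{name}" for _, name in exposed]


def strip_landing_target(client):
    """Interim workaround (my suggestion, not from the advisory): return a copy
    of the ClientRepresentation with the IdP-initiated URL name removed, so a
    disabled client is no longer addressable as a landing target. PUT the
    result back via /admin/realms/<realm>/clients/<id>."""
    fixed = json.loads(json.dumps(client))  # deep copy, input left untouched
    attrs = fixed.setdefault("attributes", {})
    attrs.pop(IDP_INIT_ATTR, None)
    return fixed


def fetch_clients(base_url, realm, token):
    """Pull the realm's clients from the admin REST API (needs a bearer token
    with view-clients); not called by the offline demo below."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/admin/realms/{realm}/clients",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample ClientRepresentations, trimmed to the relevant fields.
SAMPLE_CLIENTS = [
    {"id": "a1", "clientId": "hr-portal", "protocol": "saml", "enabled": True,
     "attributes": {IDP_INIT_ATTR: "hr-portal-sso"}},           # enabled: fine
    {"id": "b2", "clientId": "legacy-crm", "protocol": "saml", "enabled": False,
     "attributes": {IDP_INIT_ATTR: "legacy-crm-sso"}},          # disabled + target: exposed
    {"id": "c3", "clientId": "old-wiki", "protocol": "saml", "enabled": False,
     "attributes": {}},                                         # disabled, no target: fine
    {"id": "d4", "clientId": "mobile-app", "protocol": "openid-connect",
     "enabled": False, "attributes": {IDP_INIT_ATTR: "stray"}},  # not SAML: ignored
]

if __name__ == "__main__":
    exposed = find_exposed_clients(SAMPLE_CLIENTS)
    for client_id, name in exposed:
        print(f"EXPOSED: {client_id} (IdP-initiated URL name {name!r})")
    for url in landing_urls("https://sso.example.test", "corp", "partner-idp", exposed):
        print("landing target:", url)
```

Run against a live realm by replacing `SAMPLE_CLIENTS` with `fetch_clients(base_url, realm, token)`; clients returned by `find_exposed_clients` are the ones to prioritise for patching and, until then, to either delete or strip of their landing-target name.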

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Exploitability: 2.8 | Impact: 5.9)

Affected Packages (1 package)

NVD: redhat/build_of_keycloak (4 versions)

Vulnerability Details (3 sources)

CVEList (2026-03-05): org.keycloak.broker.saml: Keycloak SAML broker: authentication bypass due to disabled SAML client completing IdP-initiated login
GHSA (2026-03-05): Keycloak SAML Broker has Authentication Bypass by Primary Weakness
OSV (2026-03-05): Keycloak SAML Broker has Authentication Bypass by Primary Weakness

Vendor Advisories (1)

Red Hat (2026-03-05): org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login

๐Ÿ•ต๏ธThreat Intelligence

1
Wiz
CVE-2026-3047 Impact, Exploitability, and Mitigation Steps | Wizโ†—
โ–ถ
Source page: cvebase (CVE-2026-3047, Red Hat build of Keycloak)