Is Red Hat Build Of Keycloak 26.4.10 affected by CVE-2026-2603?

Keycloak's SAML authentication endpoint contains a critical flaw that allows attackers to bypass identity provider controls and gain unauthorized access to systems, even when those providers are disabled.

CVE-2026-2603

EUVD-2026-12690 HIGH

2026-03-18 redhat

GHSA-x4p7-7chp-64hq

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Apr 10, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 01:30 euvd

EUVD-2026-12690

Analysis Generated

Mar 18, 2026 - 01:30 vuln.today

CVE Published

Mar 18, 2026 - 01:14 nvd

HIGH 8.1

Description

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

Analysis

Keycloak contains an authentication bypass vulnerability in its SAML broker functionality that allows remote attackers with low-level privileges to complete IdP-initiated broker logins even when the SAML Identity Provider has been administratively disabled. Red Hat Build of Keycloak versions 26.2 and 26.4 are affected, with patches available in versions 26.2-16, 26.2.14-1, 26.4-12, and 26.4.10-1. …

Remediation

Within 24 hours: Disable SAML IdP-initiated broker login functionality in Keycloak if not operationally critical; audit recent SAML authentication logs for suspicious activity. Within 7 days: Implement network segmentation to restrict Keycloak SAML endpoints to trusted networks only; deploy WAF rules to rate-limit and validate SAML requests; conduct forensic analysis of authentication attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +40

POC: 0

Vendor Status

Debian

Bug #1088287

keycloak

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2026-2603 vulnerability details – vuln.today

Back

CVE-2026-2603

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

CVE-2026-2603

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code