{"api_version":"1","generated_at":"2026-07-09T11:59:28+00:00","cve":"CVE-2026-3047","urls":{"html":"https://cve.report/CVE-2026-3047","api":"https://cve.report/api/cve/CVE-2026-3047.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-3047","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-3047"},"summary":{"title":"Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login","description":"A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-03-05 19:16:18","updated_at":"2026-06-30 03:19:10"},"problem_types":["CWE-305","CWE-305 Authentication Bypass by Primary Weakness"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:3925","name":"https://access.redhat.com/errata/RHSA-2026:3925","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3947","name":"https://access.redhat.com/errata/RHSA-2026:3947","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3948","name":"https://access.redhat.com/errata/RHSA-2026:3948","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2026:3926","name":"https://access.redhat.com/errata/RHSA-2026:3926","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441966","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2441966","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3047","name":"https://access.redhat.com/security/cve/CVE-2026-3047","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-3047","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3047","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2","version":"unaffected 26.2.14-1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2","version":"unaffected 26.2-16 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2","version":"unaffected 26.2-16 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2.14","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","version":"unaffected 26.4.10-1 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","version":"unaffected 26.4-12 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","version":"unaffected 26.4-12 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.10","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.2.14","version":"","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat build of Keycloak 26.4.10","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-02-23T17:29:50.192Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-03-05T11:24:00.000Z","lang":"en","value":"Made public."},{"source":"ADP","time":"2026-02-23T17:29:50.192Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-03-05T11:24:00.000Z","lang":"en","value":"Made public."}],"solutions":[{"source":"ADP","title":"","value":"RHSA-2026:3925: Red Hat build of Keycloak 26.2","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:3948: Red Hat build of Keycloak 26.4","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:3926: Red Hat build of Keycloak 26.2.14","time":"","lang":"en"},{"source":"ADP","title":"","value":"RHSA-2026:3947: Red Hat build of Keycloak 26.4.10","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.","time":"","lang":"en"},{"source":"ADP","title":"","value":"To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"text-only","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"26.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"26.2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"26.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"26.4.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"3047","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"keycloak","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"3047","cve":"CVE-2026-3047","epss":"0.004690000","percentile":"0.372260000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-3047","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-06T18:13:06.967396Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-06T18:13:14.612Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"affected","product":"Red Hat build of Keycloak 26.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"affected","product":"Red Hat build of Keycloak 26.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"affected","product":"Red Hat build of Keycloak 26.2.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"affected","product":"Red Hat build of Keycloak 26.4.10","vendor":"Red Hat"}],"datePublic":"2026-03-05T11:24:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-305","description":"Authentication Bypass by Primary Weakness","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:45:19.136Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-3047"},{"name":"RHBZ#2441966","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441966"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3047.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3947"}],"solutions":[{"lang":"en","value":"RHSA-2026:3925: Red Hat build of Keycloak 26.2"},{"lang":"en","value":"RHSA-2026:3948: Red Hat build of Keycloak 26.4"},{"lang":"en","value":"RHSA-2026:3926: Red Hat build of Keycloak 26.2.14"},{"lang":"en","value":"RHSA-2026:3947: Red Hat build of Keycloak 26.4.10"}],"timeline":[{"lang":"en","time":"2026-02-23T17:29:50.192Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-05T11:24:00.000Z","value":"Made public."}],"title":"org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login","workarounds":[{"lang":"en","value":"To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-operator-bundle","product":"Red Hat build of Keycloak 26.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.2.14-1","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-rhel9","product":"Red Hat build of Keycloak 26.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.2-16","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-rhel9-operator","product":"Red Hat build of Keycloak 26.2","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.2-16","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:26.2::el9"],"defaultStatus":"unaffected","packageName":"rhbk/keycloak-rhel9","product":"Red Hat build of Keycloak 26.2.14","vendor":"Red Hat"},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-operator-bundle","product":"Red Hat build of Keycloak 26.4","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.4.10-1","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-rhel9","product":"Red Hat build of Keycloak 26.4","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.4-12","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"affected","packageName":"rhbk/keycloak-rhel9-operator","product":"Red Hat build of Keycloak 26.4","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"26.4-12","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:26.4::el9"],"defaultStatus":"unaffected","packageName":"rhbk/keycloak-rhel9","product":"Red Hat build of Keycloak 26.4.10","vendor":"Red Hat"}],"datePublic":"2026-03-05T11:24:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-305","description":"Authentication Bypass by Primary Weakness","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-06T02:36:29.782Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2026:3925","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"name":"RHSA-2026:3926","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"name":"RHSA-2026:3947","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"name":"RHSA-2026:3948","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-3047"},{"name":"RHBZ#2441966","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441966"}],"timeline":[{"lang":"en","time":"2026-02-23T17:29:50.192Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-05T11:24:00.000Z","value":"Made public."}],"title":"Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login","workarounds":[{"lang":"en","value":"To mitigate this issue, ensure that any SAML client intended to be disabled is not configured as an IdP-initiated broker landing target within Keycloak. Review your Keycloak realm configurations to identify and remove any such associations for disabled clients."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-305: Authentication Bypass by Primary Weakness"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-3047","datePublished":"2026-03-05T18:28:36.337Z","dateReserved":"2026-02-23T17:30:53.926Z","dateUpdated":"2026-06-30T02:45:19.136Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-05 19:16:18","lastModifiedDate":"2026-06-30 03:19:10","problem_types":["CWE-305","CWE-305 Authentication Bypass by Primary Weakness"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-06T18:13:06.967396Z","id":"CVE-2026-3047","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*","matchCriteriaId":"1830E455-7E11-4264-862D-05971A42D4A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:26.2:*:*:*:*:*:*:*","matchCriteriaId":"DBB531B3-5BD6-41B4-882C-A42F611819B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:26.2.14:*:*:*:*:*:*:*","matchCriteriaId":"56732D81-7096-40F3-A990-1C84E2D984F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:26.4:*:*:*:*:*:*:*","matchCriteriaId":"3C8F3485-92CB-4F23-A35A-AAA444FDF39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:26.4.10:*:*:*:*:*:*:*","matchCriteriaId":"C8A55A00-BD52-4198-B43A-62919C272AA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*","matchCriteriaId":"6E0DE4E1-5D8D-40F3-8AC8-C7F736966158"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"3047","Ordinal":"1","Title":"Org.keycloak.broker.saml: keycloak saml broker: authentication b","CVE":"CVE-2026-3047","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"3047","Ordinal":"1","NoteData":"A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.","Type":"Description","Title":"Org.keycloak.broker.saml: keycloak saml broker: authentication b"}]}}}