Vulnerability Description
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2026:3925
- https://access.redhat.com/errata/RHSA-2026:3926
- https://access.redhat.com/errata/RHSA-2026:3947
- https://access.redhat.com/errata/RHSA-2026:3948
- https://access.redhat.com/security/cve/CVE-2026-2092
- https://bugzilla.redhat.com/show_bug.cgi?id=2437296
FAQ
What is CVE-2026-2092?
CVE-2026-2092 is a vulnerability with a CVSS score of 7.7 (HIGH). A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An atta...
How severe is CVE-2026-2092?
CVE-2026-2092 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2092?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.