{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2092", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-02-06T10:28:15.411Z", "datePublished": "2026-03-18T01:14:48.364Z", "dateUpdated": "2026-03-18T14:11:08.708Z"}, "containers": {"cna": {"title": "Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.2.14-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.2-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.2-16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2.14", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.4.10-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.4-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.4-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3925", "name": "RHSA-2026:3925", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3926", "name": "RHSA-2026:3926", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3947", "name": "RHSA-2026:3947", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3948", "name": "RHSA-2026:3948", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2092", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "name": "RHBZ#2437296", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-03-05T12:34:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1287: Improper Validation of Specified Type of Input", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2026-02-06T10:25:16.675Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-05T12:34:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Oleh Konko for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-18T01:14:48.364Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:10:59.125692Z", "id": "CVE-2026-2092", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:11:08.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:10:59.125692Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:11:03.636Z"}}], "cna": {"title": "Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions", "credits": [{"lang": "en", "value": "Red Hat would like to thank Oleh Konko for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2.14-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2", "versions": [{"status": "unaffected", "version": "26.2-16", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.2::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.2.14", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4.10-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.10", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-06T10:25:16.675Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-05T12:34:00.000Z", "value": "Made public."}], "datePublic": "2026-03-05T12:34:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:3925", "name": "RHSA-2026:3925", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3926", "name": "RHSA-2026:3926", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3947", "name": "RHSA-2026:3947", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:3948", "name": "RHSA-2026:3948", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-2092", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296", "name": "RHBZ#2437296", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-18T01:14:48.364Z"}, "x_redhatCweChain": "CWE-1287: Improper Validation of Specified Type of Input"}}, "cveMetadata": {"cveId": "CVE-2026-2092", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:11:08.708Z", "dateReserved": "2026-02-06T10:28:15.411Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-18T01:14:48.364Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. El endpoint del broker de Security Assertion Markup Language (SAML) de Keycloak no valida correctamente las aserciones cifradas cuando la respuesta SAML general no est\u00e1 firmada. Un atacante con una aserci\u00f3n SAML firmada v\u00e1lida puede explotar esto al crear una respuesta SAML maliciosa. Esto permite al atacante inyectar una aserci\u00f3n cifrada para un principal arbitrario, lo que lleva a un acceso no autorizado y a una potencial revelaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2026-2092", "lastModified": "2026-03-18T14:52:44.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.3, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-03-18T02:16:24.577", "references": [{"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:3925"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:3926"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:3947"}, {"source": "[email protected]", "url": "https://access.redhat.com/errata/RHSA-2026:3948"}, {"source": "[email protected]", "url": "https://access.redhat.com/security/cve/CVE-2026-2092"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "[email protected]", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Oleh Konko for reporting this issue.", "affected_release": [{"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-operator-bundle:26.2.14-1", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9:26.2-16", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3925", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9-operator:26.2-16", "product_name": "Red Hat build of Keycloak 26.2", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3926", "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9", "package": "rhbk/keycloak-rhel9", "product_name": "Red Hat build of Keycloak 26.2.14", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-container-26.4-12", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-operator-bundle-container-26.4.10-1", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3948", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "keycloak-rhel9-operator-container-26.4-12", "product_name": "Red Hat build of Keycloak 26.4", "release_date": "2026-03-05T00:00:00Z"}, {"advisory": "RHSA-2026:3947", "cpe": "cpe:/a:redhat:build_keycloak:26.4::el9", "package": "rhbk/keycloak-rhel9", "product_name": "Red Hat build of Keycloak 26.4.10", "release_date": "2026-03-05T00:00:00Z"}], "bugzilla": {"description": "keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions", "id": "2437296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437296"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-1287", "details": ["No description is available for this CVE."], "name": "CVE-2026-2092", "public_date": "2026-03-05T12:34:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2092\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2092"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "26.4"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "build_keycloak", "vendor": "redhat"}], "created": "2026-03-06T15:18:27.041589+00:00", "updated": "2026-03-06T15:18:27.041796+00:00", "vendors": ["redhat", "redhat$PRODUCT$build_keycloak"]}