Bug 2437296 (CVE-2026-2092)

Summary: CVE-2026-2092 keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: aschwart, boliveir, mposolda, pjindal, rmartinc, security-response-team, ssilvert, sthorger, vmuzikar
Hardware: All
OS: Linux
Keywords: Security
Deadline: 2026-03-01
Doc Text:
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.

Description OSIDB Bzimport 2026-02-06 10:26:52 UTC
Keycloak validates that plaintext `<Assertion>` elements are signed when the response root is not signed, but it does not apply the same binding requirement to `<EncryptedAssertion>`. The SAML broker endpoint then decrypts and processes the first assertion choice, which allows an attacker to inject an encrypted assertion for an arbitrary principal alongside a valid signed assertion for themselves. So the response can be crafted in the following way:

1. Remove the signature for the full response if present.
2. Get the public key of the realm to encrypt the new assertion.
3. Put this encrypted assertion first.
4. Keep the second assertion, which must remain signed and valid.

This way, Keycloak validates the signature of the second assertion but selects the first one, which is only encrypted and not signed. The missing check is that the selected assertion must itself be signed when the full message is not.
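An added illustration of the missing check (example code, not Keycloak's own): a minimal validator that, like the broker, consumes the first assertion choice, with the flawed rule beside the corrected one. XML decryption and signature verification are replaced by stand-ins (escaped plaintext XML, presence of a ds:Signature child), and the sample response is constructed, so the whole thing runs offline.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def is_signed(el):
    # Presence of an enveloped ds:Signature child stands in for real signature verification.
    return el.find(f"{{{DS}}}Signature") is not None

def select_assertion(resp, decrypt):
    """Pick the first Assertion/EncryptedAssertion child, i.e. the one the broker goes on to consume."""
    for child in resp:
        if child.tag == f"{{{SAML}}}Assertion":
            return child
        if child.tag == f"{{{SAML}}}EncryptedAssertion":
            return decrypt(child)
    raise ValueError("response carries no assertion")

def flawed_check(resp, decrypt):
    """Flawed rule: with an unsigned root, only plaintext <Assertion> elements must carry a signature."""
    if is_signed(resp):
        return True
    return all(is_signed(a) for a in resp.findall(f"{{{SAML}}}Assertion"))

def fixed_check(resp, decrypt):
    """Corrected rule: the assertion actually selected must itself be signed when the root is not."""
    if is_signed(resp):
        return True
    return is_signed(select_assertion(resp, decrypt))

def stub_decrypt(enc):
    # Constructed stand-in for XML Encryption: the "ciphertext" is escaped plaintext XML.
    return ET.fromstring(enc.find(f"{{{XENC}}}EncryptedData").text)

# Constructed sample with an unsigned root: an encrypted, unsigned assertion for another
# principal comes first, followed by a properly signed assertion for the sender.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{SAML}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
  <saml:EncryptedAssertion><xenc:EncryptedData>&lt;saml:Assertion xmlns:saml="{SAML}"&gt;&lt;saml:Subject&gt;
&lt;saml:NameID&gt;other-user&lt;/saml:NameID&gt;&lt;/saml:Subject&gt;&lt;/saml:Assertion&gt;</xenc:EncryptedData></saml:EncryptedAssertion>
  <saml:Assertion><ds:Signature/><saml:Subject><saml:NameID>sender</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""

def run_sample():
    """Returns (flawed verdict, corrected verdict) for SAMPLE: the flawed rule accepts, the fix rejects."""
    resp = ET.fromstring(SAMPLE)
    return flawed_check(resp, stub_decrypt), fixed_check(resp, stub_decrypt)
```

In a real deployment the signature stand-in must be an actual verification of the decrypted assertion's enveloped signature against the identity provider's trusted certificate, not a presence check.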

Additional notes
The issue affects both the SAML adapter and the SAML identity provider. It requires that the original message be signed at the assertion level.

Requirements to exploit
The attacker first needs a valid SAML assertion of their own, signed at the assertion level, from the same provider whose assertion is to be stolen.