LeakyCreds

CVE-2026-3009 - Vulnerability Analysis

Severity: High | CVSS: 8.1

Last Updated: March 5, 2026

Keycloak - Authentication Bypass

Published: March 5, 2026 | Updated: March 5, 2026 | Remote Exploitable

Overview

Keycloak contains an authentication bypass caused by the reuse of previously generated login requests in the IdentityBrokerService.performLogin endpoint. An attacker who knows the alias of an Identity Provider (IdP) can authenticate through that IdP even after an administrator has disabled it; exploitation requires knowledge of the IdP alias.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 5.7% (probability of exploitation in the next 30 days)

Impact

Attackers can bypass administrative restrictions to authenticate via disabled external Identity Providers, potentially gaining unauthorized access.

Mitigation

Update to the latest version containing the fix.
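The flaw described in the Overview is a stale-authorization problem: a login request created while an IdP was enabled is later honoured without re-checking the IdP's state, and the stored request can be presented again. The following model is an added illustration and is not Keycloak's code; the `Broker` class, the `corp-saml` alias and the two `perform_login` variants are hypothetical and only show the two checks a brokered-login completion step should perform (single use of the stored request, and re-evaluation of the provider's enabled flag at completion time). The page does not describe Keycloak's internals beyond the endpoint name, so the exact mechanism in the real code is an assumption here.

```python
"""Hypothetical model of a brokered login flow (added illustration, not
Keycloak's code). It contrasts a completion step that trusts a stored login
request as-is with one that consumes the request and re-checks the IdP."""
import secrets
from dataclasses import dataclass, field


@dataclass
class IdentityProvider:
    alias: str
    enabled: bool = True


@dataclass
class Broker:
    providers: dict = field(default_factory=dict)
    # Pending login requests, keyed by an opaque state token (constructed model).
    pending: dict = field(default_factory=dict)

    def add_provider(self, alias, enabled=True):
        self.providers[alias] = IdentityProvider(alias, enabled)

    def set_enabled(self, alias, enabled):
        """Administrator toggles the provider; the change must take effect for
        requests that are still pending."""
        self.providers[alias].enabled = enabled

    def create_login_request(self, alias):
        """Start a brokered login. Both variants below check the flag here;
        the difference is what happens when the request is completed."""
        idp = self.providers.get(alias)
        if idp is None or not idp.enabled:
            raise PermissionError(f"identity provider {alias!r} unavailable")
        state = secrets.token_urlsafe(16)
        self.pending[state] = alias
        return state

    def vulnerable_perform_login(self, state):
        """Weak pattern: trusts the stored request alone. The request is not
        consumed (so it can be replayed) and the IdP flag is not re-checked
        (so a provider disabled after the request was created still works)."""
        alias = self.pending.get(state)
        return alias is not None

    def hardened_perform_login(self, state):
        """Hardened pattern: consume the request (single use) and re-evaluate
        the provider's enabled flag at the moment the login is completed."""
        alias = self.pending.pop(state, None)
        if alias is None:
            return False
        idp = self.providers.get(alias)
        return idp is not None and idp.enabled


def run_scenario(disable_after_request):
    """Run one sequence against both variants and report whether each of two
    presentations of the same stored request completed the login.

    disable_after_request=True: admin disables the IdP between request
    creation and completion (the condition the Overview describes).
    disable_after_request=False: IdP stays enabled; only replay is tested."""
    results = {}
    for name in ("vulnerable", "hardened"):
        broker = Broker()
        broker.add_provider("corp-saml")  # constructed alias for the model
        state = broker.create_login_request("corp-saml")
        if disable_after_request:
            broker.set_enabled("corp-saml", False)
        perform = getattr(broker, f"{name}_perform_login")
        results[name] = (perform(state), perform(state))
    return results


if __name__ == "__main__":
    print("IdP disabled after request:", run_scenario(True))
    print("IdP still enabled, replay:  ", run_scenario(False))
```

In the first scenario the weak variant completes the login twice through the disabled provider, while the hardened variant refuses both times; in the second scenario the hardened variant accepts the first presentation and rejects the replay. On a real deployment the equivalent controls are the vendor fix (apply the update) and, until then, monitoring broker logins for aliases that are administratively disabled.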

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 5, 2026

🟠 CVE-2026-3009 - High (8.1) A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3009/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-3009
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 5.7%
Social Posts: 1

CWE

  • CWE-285

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

5.7% (probability of exploitation in the next 30 days)