CVE-2026-3009 - Vulnerability Analysis
Severity: High | CVSS: 8.1 | Last Updated: March 5, 2026
Keycloak - Authentication Bypass
Published: March 5, 2026 | Updated: March 5, 2026 | Remote Exploitable
Overview
Keycloak contains an authentication bypass caused by the reuse of previously generated login requests in the IdentityBrokerService.performLogin endpoint, which lets attackers authenticate via disabled Identity Providers. Exploitation requires knowledge of the IdP alias.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can bypass administrative restrictions to authenticate via disabled external Identity Providers, potentially gaining unauthorized access.
Mitigation
Update Keycloak to a version containing the fix.
Details
- CVE ID: CVE-2026-3009
- Severity: High
- CVSS Score: 8.1
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-285
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N