LeakyCreds

CVE-2026-3047 - Vulnerability Analysis

Severity: High  CVSS: 8.8

Last Updated: March 5, 2026

Keycloak - Broken Access Control

Published: March 5, 2026
Updated: March 5, 2026
Remotely exploitable

Overview

Keycloak contains a broken access control flaw in its SAML identity brokering (org.keycloak.broker.saml). A SAML client that has been disabled but is still configured as the landing target of an IdP-initiated login through the broker can still complete the login flow. Because the disabled flag is not enforced on that path, a remote attacker who can drive the broker flow can bypass the intended authentication restriction and gain access to enabled clients in the realm.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 41.9% (probability of exploitation in the next 30 days)

Impact

A remote attacker holding only low privileges (CVSS PR:L, typically an account at the brokered identity provider) and needing no user interaction can bypass the restriction that disabling the client was meant to impose and gain unauthorized access to enabled clients. The published vector rates confidentiality, integrity and availability impact as high.

Mitigation

Update to a Keycloak release that contains the fix. Until the update is applied, review every realm for SAML clients that are disabled but still configured as IdP-initiated broker landing targets, and remove that landing-target configuration (or delete the client outright) rather than relying on the disabled flag alone. Note that this record's status is "unconfirmed"; verify the affected and fixed versions against the vendor's published fix information before acting.
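The review step above can be scripted against a realm export. The following is an added example written for this page, not code from the Keycloak project or from the page's source; it assumes the realm export JSON shape (a "clients" array whose entries carry "clientId", "enabled", "protocol" and "attributes") and assumes that the attribute key "saml_idp_initiated_sso_url_name" is what marks a SAML client as reachable by IdP-initiated SSO. The sample export is constructed for the example.

```python
"""Audit a Keycloak realm export for disabled SAML clients that are still
configured as IdP-initiated landing targets (the CVE-2026-3047 condition).

Added example for this page; not Keycloak project code.
Assumptions (not taken from the page): the realm export JSON layout and the
attribute key 'saml_idp_initiated_sso_url_name' marking a client as an
IdP-initiated SSO target.
"""
import json

# Assumed attribute key on SAML clients that opts them into IdP-initiated SSO.
IDP_INITIATED_ATTR = "saml_idp_initiated_sso_url_name"

# Constructed sample realm export (not from any real deployment).
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "example",
    "clients": [
        # Disabled, but still carries an IdP-initiated SSO name: the risky case.
        {"clientId": "payroll-saml", "protocol": "saml", "enabled": False,
         "attributes": {IDP_INITIATED_ATTR: "payroll"}},
        # Enabled landing target: expected configuration, not a finding.
        {"clientId": "wiki-saml", "protocol": "saml", "enabled": True,
         "attributes": {IDP_INITIATED_ATTR: "wiki"}},
        # Disabled with no landing-target name: not reachable via IdP-initiated SSO.
        {"clientId": "legacy-saml", "protocol": "saml", "enabled": False,
         "attributes": {}},
        # Disabled OIDC client: outside the SAML broker path entirely.
        {"clientId": "portal-oidc", "protocol": "openid-connect", "enabled": False,
         "attributes": {}},
    ],
})


def idp_initiated_targets(realm):
    """Map IdP-initiated SSO URL name -> client, for SAML clients that set one."""
    targets = {}
    for client in realm.get("clients", []):
        if client.get("protocol") != "saml":
            continue
        name = (client.get("attributes") or {}).get(IDP_INITIATED_ATTR, "")
        name = str(name).strip()
        if name:
            targets[name] = client
    return targets


def find_disabled_landing_targets(realm):
    """clientIds of SAML clients that are disabled yet still reachable as
    IdP-initiated landing targets; each one should have the landing-target
    attribute removed (or the client deleted) rather than trusting the flag."""
    return sorted(
        client["clientId"]
        for client in idp_initiated_targets(realm).values()
        if not client.get("enabled", True)
    )


def audit_export(export_json):
    """Parse an export string and return the audit result as a dict."""
    realm = json.loads(export_json)
    return {
        "realm": realm.get("realm"),
        "disabled_landing_targets": find_disabled_landing_targets(realm),
    }


def audit_file(path):
    """Convenience wrapper for a realm export on disk."""
    with open(path, encoding="utf-8") as fh:
        return audit_export(fh.read())


if __name__ == "__main__":
    result = audit_export(SAMPLE_REALM_EXPORT)
    for cid in result["disabled_landing_targets"]:
        print(f"[!] realm {result['realm']}: disabled SAML client still "
              f"configured as IdP-initiated landing target: {cid}")
    if not result["disabled_landing_targets"]:
        print("ok: no disabled SAML client carries an IdP-initiated SSO URL name")
```

Run it against a full realm export (Keycloak's partial export or the admin CLI output) with audit_file(path); any client it lists is one where the disabled state alone is being relied on to block the IdP-initiated broker path, which is exactly the configuration this CVE describes as bypassable.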

Social Media Activity(1 post)

TheHackerWire
@thehackerwire
Mar 5, 2026

🟠 CVE-2026-3047 - High (8.8) A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Sin... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3047/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID
CVE-2026-3047
Severity
High
CVSS Score
8.8
Type
broken_access_control
Status
unconfirmed
EPSS
41.9%
Social Posts
1

CWE

  • CWE-305 (Authentication Bypass by Primary Weakness)

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

41.9% (probability of exploitation in the next 30 days)