Sign In

CVE-2026-1190

ADVISORY - github

Summary

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.

EPSS Score: 0.00043 (0.129)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-112

Missing XML Validation

ADVISORY - github

CWE-112

Missing XML Validation

CWE-347

Improper Verification of Cryptographic Signature

CWE-613

Insufficient Session Expiration

ADVISORY - redhat

CWE-112

Missing XML Validation

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in