exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 3

CVE-2026-1190

14 дней назад

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.

CVSS3: 3.1

EPSS: Низкий

CVE-2026-1190

14 дней назад

A flaw was found in Keycloak's SAML brokering functionality. When Keyc ...

CVSS3: 3.1

EPSS: Низкий

GHSA-63v5-26vq-m4vm

13 дней назад

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

CVSS3: 3.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-1190 A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.	CVSS3: 3.1	0% Низкий	14 дней назад
CVE-2026-1190 A flaw was found in Keycloak's SAML brokering functionality. When Keyc ...	CVSS3: 3.1	0% Низкий	14 дней назад
GHSA-63v5-26vq-m4vm Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods	CVSS3: 3.1	0% Низкий	13 дней назад

Уязвимостей на страницу