{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T03:22:59.782","vulnerabilities":[{"cve":{"id":"CVE-2026-1190","sourceIdentifier":"secalert@redhat.com","published":"2026-01-26T20:16:09.813","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption."},{"lang":"es","value":"Se encontró un fallo en la funcionalidad de intermediación SAML de Keycloak. Cuando Keycloak está configurado como un cliente en una configuración de Security Assertion Markup Language (SAML), falla al validar la marca de tiempo 'NotOnOrAfter' dentro de 'SubjectConfirmationData'. Esto permite a un atacante retrasar la expiración de las respuestas SAML, extendiendo potencialmente el tiempo que una respuesta se considera válida y llevando a duraciones de sesión inesperadas o consumo de recursos."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-112"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:3947","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3948","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-1190","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835","source":"secalert@redhat.com"}]}}]}