Keycloak 26.5.5 released

March 05 2026

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Security fixes

• #46909 CVE-2026-3047 SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login
• #46910 CVE-2026-3009 Improper Enforcement of Disabled Identity Provider in IdentityBrokerService
• #46911 CVE-2026-2603 Disabled SAML IdP still allows IdP-initiated broker login
• #46912 CVE-2026-2092 saml broker encrypted assertion injection