CVE-2026-9794

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

Vulnerability Details

Published Date

May 28, 2026

Last Modified

May 28, 2026

CWE ID

CWE-209

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-9794
https://bugzilla.redhat.com/show_bug.cgi?id=2482461

CVE-2026-9794

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment