Home

Description

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

PUBLISHED Reserved 2026-05-28 | Published 2026-05-28 | Updated 2026-05-28 | Assigner redhat




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

Generation of Error Message Containing Sensitive Information

Product status

Default status
affected

Timeline

2026-05-28:Reported to Red Hat.
2026-05-28:Made public.

Credits

Red Hat would like to thank Asaad Mostafa and Muhammed Hussein for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-9794 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2482461 (RHBZ#2482461) issue-tracking

cve.org (CVE-2026-9794)

nvd.nist.gov (CVE-2026-9794)

Download JSON