VYPR
High severity7.5NVD Advisory· Published May 19, 2026· Updated Jun 3, 2026

CVE-2026-7307

CVE-2026-7307

Description

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-saml-coreMaven
< 26.6.226.6.2

Affected products

2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.