Medium severity5.3NVD Advisory· Published May 28, 2026· Updated Jun 10, 2026
CVE-2026-9794
CVE-2026-9794
Description
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- access.redhat.com/security/cve/CVE-2026-9794nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2026:25097nvd
- access.redhat.com/errata/RHSA-2026:25098nvd
News mentions
1- Keycloak: Twelve Vulnerabilities Disclosed, One High SeverityVypr Intelligence · May 28, 2026