CVEFinder.io

CVE-2026-9794

🔶 medium
🔍 Scan for this CVE
Summary

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

CVSS Score
5.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-28
First Seen: 2026-05-29
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.8% of all 326,604 vulnerabilities in our database.

#262,086
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 28, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Asaad Mostafa and Muhammed Hussein for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-06-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-209

📦 Affected Products 1

Vendor Product Status Affected Versions
redhat build_of_keycloak Affected
v-

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-9794
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2482461
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-9791 🔶 medium 4.3 0.0 A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by acces... 2026-05-28
CVE-2026-9792 🔶 medium 6.5 0.0 A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When cer... 2026-05-28
CVE-2026-9793 🔶 medium 5.9 0.0 A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incor... 2026-05-28
CVE-2026-9795 ⚠️ high 7.3 0.0 A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client man... 2026-05-28
CVE-2026-9796 🔶 medium 6.5 0.0 A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check ... 2026-05-28
CVE-2026-9798 🔶 medium 4.3 0.1 A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily... 2026-05-28
These CVEs affect the same products