5.3
CVE-2026-9794
- EPSS 0.33%
- Veröffentlicht 28.05.2026 03:44:20
- Zuletzt bearbeitet 26.06.2026 08:16:27
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keycloak: keycloak: information disclosure via saml ecp endpoint
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Build Of Keycloak Version- SwEdition-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
https://access.redhat.com/security/cve/CVE-2026-9794
https://bugzilla.redhat.com/show_bug.cgi?id=2482461
https://access.redhat.com/errata/RHSA-2026:25098
https://access.redhat.com/errata/RHSA-2026:25097
https://access.redhat.com/errata/RHSA-2026:30049
https://access.redhat.com/errata/RHSA-2026:30050