CVE-2026-7307
EUVD-2026-3088319.05.2026, 12:16
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | build_of_keycloak | 26.4 ≤ 𝑥 < 26.4.12 |
𝑥
= Vulnerable software versions
References