MEDIUM 5.3

CVE-2026-9794: Keycloak SAML ECP Information Disclosure Vulnerability

Keycloak contains an information disclosure vulnerability in its SAML ECP (Enhanced Client or Proxy) endpoint. An unauthenticated attacker can send specially crafted SOAP requests with different client IDs to the endpoint and observe the error messages returned. By analyzing these responses, an attacker can infer whether a given client uses SAML or another protocol. While this doesn't grant direct access to sensitive data or systems, it reveals organizational configuration details that could inform further reconnaissance or targeted attacks.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weaknesses (CWE)
CWE-209
Affected products
1 configuration(s)
Published / Modified
2026-05-28 / 2026-06-26

NVD description (verbatim)

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

6 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in the SAML ECP endpoint of Keycloak, which processes SOAP-based ECP authentication flows. When an attacker submits SOAP requests specifying non-existent or varied client IDs, the endpoint returns SOAP faults with distinct faultstrings depending on the actual client's protocol type. This difference in error response allows an unauthenticated attacker to enumerate and classify clients by their protocol configuration. The root cause is insufficient response normalization—the endpoint leaks protocol-specific information through its fault responses rather than returning uniform error messages. This falls under CWE-209 (Information Exposure Through an Error Message).

Business impact

The primary risk is information disclosure about your identity infrastructure. An attacker can map which applications and integrations in your environment use SAML versus other protocols, building an attack surface inventory without authentication. For organizations using Keycloak as a central identity provider, this reconnaissance could precede social engineering, phishing campaigns targeting specific application users, or focused exploitation of identified SAML-based services. The impact is limited to confidentiality; there is no direct path to data theft or service disruption from this flaw alone, but it significantly aids threat actors in the reconnaissance phase.

Affected systems

Red Hat build of Keycloak is affected. Determine your installed version and verify against Red Hat's security advisory. Organizations running Keycloak as a self-managed identity provider or through Red Hat's supported distributions should assess whether their deployment exposes the SAML ECP endpoint to untrusted networks. Air-gapped or internal-only Keycloak instances face lower risk, though the endpoint should still be restricted to authorized clients where possible.

Exploitability

Exploitation requires no authentication, valid credentials, or user interaction. An attacker only needs network access to the SAML ECP endpoint and the ability to craft and send SOAP requests. The attack is trivial to automate for enumeration at scale. However, the vulnerability alone does not grant code execution or data access; it is a stepping stone for reconnaissance. The low bar to exploitation combined with the absence of a public KEV entry suggests either limited active exploitation or recent discovery.

Remediation

Apply the security patch from Red Hat when available, ensuring your Keycloak instance is updated to a fixed version. Verify the patch details in the official Red Hat Security Advisory. Simultaneously, implement network-level controls: restrict access to the SAML ECP endpoint to known, trusted clients or networks. If the endpoint must be exposed, consider placing it behind a WAF or reverse proxy that normalizes SOAP fault responses or blocks suspicious SOAP enumeration patterns. Audit logs for repeated SOAP requests with varying client IDs to detect scanning activity.

Patch guidance

Consult the Red Hat build of Keycloak security advisory for the specific version addressing this flaw. Apply patches during a scheduled maintenance window, testing in a staging environment first to ensure compatibility with your configured SAML clients and integrations. After patching, verify that SAML ECP authentication flows remain functional for legitimate clients. No rollback should be needed unless the patch introduces a regression—in which case contact Red Hat support.

Detection guidance

Monitor SAML ECP endpoint logs for repeated SOAP requests with sequential or enumerated client ID values, particularly from a single source IP. Look for patterns of requests that receive different fault responses; this behavior is characteristic of the reconnaissance technique described. Implement alerting on elevated rates of SOAP faults from the ECP endpoint. Correlate such activity with other reconnaissance indicators (DNS queries, port scans) to assess whether an attacker is performing broader reconnaissance against your identity infrastructure.

Why prioritize this

While this vulnerability carries a CVSS score of 5.3 (Medium severity), it is an information disclosure that enables reconnaissance. Organizations should prioritize patching based on: (1) whether the SAML ECP endpoint is exposed to untrusted networks, (2) the sensitivity of your client configuration, and (3) the threat profile in your environment. If your Keycloak instance is internal-only or heavily restricted, prioritization can be lower. If it is internet-facing or accessible from untrusted networks, treat it as higher priority to prevent attacker reconnaissance. Combining this with other identity infrastructure attacks would increase severity.

Risk score, explained

The CVSS 3.1 score of 5.3 reflects a network-accessible vulnerability (AV:N) with no authentication required (PR:N), low complexity (AC:L), and a confidentiality impact (C:L) limited to information disclosure. There is no integrity or availability impact (I:N/A:N). The score correctly captures that an unauthenticated attacker can glean protocol information, but the practical harm is confined to reconnaissance. The score does not capture the value of this information as a stepping stone to more damaging attacks—context and your threat model should inform prioritization beyond the numeric score.

Frequently asked questions

Can an attacker use this vulnerability to access user data or disable Keycloak?

No. This vulnerability discloses only the protocol type of configured clients (e.g., SAML vs. OIDC). It does not grant access to user accounts, tokens, application data, or the ability to disrupt service. An attacker would need to exploit a separate vulnerability to achieve those outcomes. This flaw is primarily valuable during the reconnaissance phase.

Is my Keycloak instance vulnerable if the SAML ECP endpoint is not exposed externally?

The vulnerability itself requires network access to the endpoint. If your Keycloak instance is firewalled and accessible only from internal networks or a restricted bastion, the attack surface is significantly reduced. However, the patch should still be applied as part of regular maintenance, and you should verify that internal network access is appropriately controlled.

How do I know if the SAML ECP endpoint is enabled in my deployment?

By default, Keycloak enables the SAML ECP endpoint if you have configured any SAML protocol clients. Review your Keycloak realm configuration for SAML clients and check whether the ECP endpoint is exposed in your network architecture. Consult your Keycloak deployment documentation or contact Red Hat support if you are unsure.

Should I disable the SAML ECP endpoint if I'm not using SAML clients?

If you are not using SAML for authentication, the ECP endpoint can be disabled as a defense-in-depth measure. However, check your application requirements first, as some legacy or third-party integrations may rely on SAML ECP. The safest approach is to apply the patch and restrict endpoint access via network controls rather than disabling it outright, unless you have confirmed that SAML ECP is not needed.

This analysis is based on publicly disclosed information as of the publication date and reflects the vulnerability details available at that time. Specific patch version numbers and detailed remediation steps should be verified against the official Red Hat Security Advisory. This document does not constitute legal, compliance, or medical advice. Organizations should conduct their own risk assessments based on their specific Keycloak deployment, network architecture, and threat model. SEC.co makes no warranty regarding the accuracy or completeness of this analysis. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).