CVE-2026-9794

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.

209

Generation of Error Message Containing Sensitive Information

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Languages: PHP, Java, Not Language-Specific

Likelihood of Exploit: High

View CWE Details

https://access.redhat.com/security/cve/CVE-2026-9794

https://bugzilla.redhat.com/show_bug.cgi?id=2482461

CVE-2026-9794

Description

Generation of Error Message Containing Sensitive Information

Common Consequences

Applicable Platforms

Iscriviti alla newsletter