A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.
rhbk/keycloak (Red Hat / RHEL)
Fixed in: RHSA-2026:30050 and RHSA-2026:25097 (rhel9, rhel9-operator and operator-bundle images)
rhbk/keycloak (Rocky)
Fixed in: RHSA-2026:30050 and RHSA-2026:25097 (rhel9, rhel9-operator and operator-bundle images)
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact
Confidentiality: Low
Integrity: None
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.33% probability of exploitation in 30 days (25th percentile)
Low risk: more likely to be exploited than 25% of all known CVEs.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-26.