CVE-2026-7307
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2.16-1 < * | unaffected |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-21 < * | unaffected |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-21 < * | unaffected |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.12-1 < * | unaffected |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-17 < * | unaffected |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-17 < * | unaffected |
Weaknesses
- CWE-1286: Improper Validation of Syntactic Correctness of Input
Workarounds
To mitigate this vulnerability, restrict network access to the Keycloak SAML endpoint to trusted networks and clients. Implement firewall rules to limit inbound connections to the Keycloak service port (e.g., 8080) from untrusted sources. If the SAML protocol is not required for your deployment, consider disabling it to eliminate the attack surface. Applying these network restrictions or configuration changes may necessitate a restart or reload of the Keycloak service, which could temporarily affect its availability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
keycloak: Keycloak: Denial of Service via specially crafted SAML input
Additional References
- https://access.redhat.com/security/cve/CVE-2026-7307
- https://bugzilla.redhat.com/show_bug.cgi?id=2476526
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7307.json
- https://access.redhat.com/errata/RHSA-2026:19595
- https://access.redhat.com/errata/RHSA-2026:19597
- https://access.redhat.com/errata/RHSA-2026:19594
- https://access.redhat.com/errata/RHSA-2026:19596
References
- https://access.redhat.com/errata/RHSA-2026:19594
- https://access.redhat.com/errata/RHSA-2026:19595
- https://access.redhat.com/errata/RHSA-2026:19596
- https://access.redhat.com/errata/RHSA-2026:19597
- https://access.redhat.com/security/cve/CVE-2026-7307
- https://bugzilla.redhat.com/show_bug.cgi?id=2476526
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.