Denial of Service Flaw in Keycloak by Red Hat
CVE-2026-7307

7.5HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Build Of Keycloak 26.2
Red Hat Build Of Keycloak 26.2.16
Red Hat Build Of Keycloak 26.4
Red Hat Build Of Keycloak 26.4.12
Vendor
CVE Published:
19 May 2026

What is CVE-2026-7307?

A vulnerability exists in Keycloak that allows a remote, unauthenticated attacker to exploit the Security Assertion Markup Language (SAML) endpoint by sending specially crafted XML input. This manipulation can result in excessive CPU usage and thread starvation of the server, ultimately causing a Denial of Service (DoS). As a result, the server may become unavailable, posing significant risks to users and potentially disrupting services.

Affected Version(s)

Red Hat build of Keycloak 26.2 26.2.16-1

Red Hat build of Keycloak 26.2 26.2-21

Red Hat build of Keycloak 26.2 26.2-21

References

https://access.redhat.com/errata/RHSA-2026:19594
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19595
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19596
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Anchels for reporting this issue.
.