Red Hat · Keycloak · CVE-2026-9794
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A remote, unauthenticated attacker can cause information disclosure by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint, varying the client ID from request to request. Because the faultstring in the SOAP fault response differs by client, comparing the responses for different client IDs lets the attacker infer each client's protocol type.
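An added detection example, not part of this advisory or of Keycloak, that flags a source probing many distinct client IDs against the SAML endpoint in a short window; it runs over constructed Keycloak-style JSON event records whose field names and endpoint path are assumptions:

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a Keycloak-style JSON event format.
# Field names and the endpoint path are assumptions for illustration,
# not Keycloak's exact event schema.
SAMPLE_EVENTS = [json.dumps({
    "time": t, "type": "LOGIN_ERROR", "ipAddress": ip,
    "clientId": cid, "endpoint": "/realms/demo/protocol/saml",
    "error": "client_not_found",
}) for t, ip, cid in [
    # one source probing many distinct client IDs within two minutes
    ("2026-01-10T10:00:00Z", "203.0.113.7", "billing"),
    ("2026-01-10T10:00:12Z", "203.0.113.7", "crm"),
    ("2026-01-10T10:00:25Z", "203.0.113.7", "hr-portal"),
    ("2026-01-10T10:00:40Z", "203.0.113.7", "intranet"),
    ("2026-01-10T10:01:05Z", "203.0.113.7", "vpn"),
    ("2026-01-10T10:01:30Z", "203.0.113.7", "wiki"),
    # a legitimate client retrying against a single client ID
    ("2026-01-10T10:00:00Z", "198.51.100.20", "crm"),
    ("2026-01-10T10:03:00Z", "198.51.100.20", "crm"),
    ("2026-01-10T10:09:00Z", "198.51.100.20", "crm"),
]]


def detect_client_enumeration(event_lines, window=timedelta(minutes=5), threshold=5):
    """Return {ip: [client ids]} for sources that produced SAML-endpoint login
    errors for at least `threshold` distinct client IDs inside any `window`."""
    by_ip = defaultdict(list)
    for line in event_lines:
        ev = json.loads(line)
        if ev.get("type") != "LOGIN_ERROR":
            continue
        if not ev.get("endpoint", "").endswith("/protocol/saml"):
            continue
        ts = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        by_ip[ev["ipAddress"]].append((ts, ev.get("clientId", "")))

    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()  # sliding window over the events ordered by time
        start, best = 0, set()
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {cid for _, cid in hits[start:end + 1]}
            if len(distinct) > len(best):
                best = distinct
        if len(best) >= threshold:
            flagged[ip] = sorted(best)
    return flagged
```

Feeding real event output into `detect_client_enumeration` only requires mapping your log's field names onto the ones assumed above.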
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.