ZeroPath at Black Hat USA 2026

Keycloak CVE-2026-7307: Brief Summary of SAML Endpoint Denial of Service via Crafted XML

A brief summary of CVE-2026-7307, a high severity denial of service vulnerability in Keycloak's SAML endpoint that allows unauthenticated attackers to exhaust server resources with crafted XML input.

CVE Analysis

5 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-19

Keycloak CVE-2026-7307: Brief Summary of SAML Endpoint Denial of Service via Crafted XML
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A crafted XML payload sent to Keycloak's SAML endpoint can starve the server of worker threads and pin CPU utilization, turning a single unauthenticated request into a full denial of service against the authentication gateway that downstream applications depend on. For organizations running Keycloak as their centralized SSO provider, this means a single malicious request from an untrusted network could lock every user out of every connected application.

Keycloak is an open source identity and access management platform designed for modern applications and services, providing capabilities such as user federation, strong authentication, user management, and fine grained authorization. Backed by Red Hat (which ships the Red Hat Build of Keycloak for enterprise use), the project is widely deployed across industries as a foundational SSO and identity brokering layer. Its role as a gateway to application access makes any availability disruption particularly consequential.

Technical Information

CVE-2026-7307 targets the SAML protocol endpoint exposed by Keycloak. The root cause is improper validation of the syntactic correctness of incoming XML input, classified under CWE-1286 (Improper Validation of Syntactic Correctness of Input). This weakness class describes situations where software accepts input that is expected to conform to a well defined syntax (in this case, XML conforming to the SAML schema) but fails to validate that conformance before processing the data.

When a specially crafted XML payload is submitted to the SAML endpoint, the server attempts to parse and process it without adequate validation. The malformed input triggers a resource exhaustion condition: CPU usage spikes and the available worker threads are consumed by the pathological parsing operation. Once the thread pool is exhausted, the Keycloak instance cannot service any further requests, whether legitimate authentication flows or administrative operations.

CVSS Breakdown

The CVSS 3.1 base score is 7.5, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The key metrics are:

MetricValueImplication
Attack VectorNetworkExploitable remotely over any network path to the SAML endpoint
Attack ComplexityLowNo special conditions or race windows required
Privileges RequiredNoneNo authentication needed; fully unauthenticated attack
User InteractionNoneNo victim action required
Confidentiality ImpactNoneNo data disclosure
Integrity ImpactNoneNo data modification
Availability ImpactHighComplete service disruption

The combination of unauthenticated access, low complexity, and high availability impact makes this vulnerability particularly accessible to automated scanning and exploitation tooling.

Attack Flow

Based on the available advisory data, the exploitation sequence is straightforward:

  1. The attacker identifies a Keycloak instance with the SAML endpoint exposed to the network.
  2. The attacker constructs a specially crafted XML payload designed to trigger pathological processing behavior in the SAML parser.
  3. The attacker sends this payload to the SAML endpoint without any authentication credentials.
  4. The Keycloak server begins processing the malformed XML, consuming CPU cycles and occupying worker threads.
  5. As worker threads are exhausted, the server becomes unable to handle legitimate requests.
  6. The Keycloak instance is effectively offline, disrupting all SSO dependent applications.

The specific nature of the crafted XML (whether it exploits entity expansion, deeply nested structures, or another XML parsing pathology) is not detailed in the current advisories.

CWE-1286 Context

CWE-1286 describes a failure to validate that input conforms to expected syntactic rules before processing it. For complex data exchange formats like XML, this class of weakness can manifest as excessive resource consumption during parsing, unexpected error states, or cascading failures. The SAML protocol relies heavily on well formed XML, and any gap in input validation at the parsing stage creates an opportunity for resource exhaustion attacks.

Affected Systems and Versions

The Red Hat advisory identifies the affected package as rhbk/keycloak-rhel9 (the Red Hat Build of Keycloak for RHEL 9). However, specific affected version numbers and version ranges have not been explicitly enumerated in the current advisories. The fix state is listed as "Under investigation" as of May 19, 2026, meaning no patched version is available yet.

The primary exposure determinant is whether the SAML protocol is enabled and whether the SAML endpoint is reachable from untrusted networks. Deployments that do not use SAML or that restrict SAML endpoint access to trusted clients have a significantly reduced attack surface.

Vendor Security History

The Keycloak project has addressed multiple SAML related security issues in recent releases. Two notable examples from 2026 include:

  • CVE-2026-2575: A denial of service vulnerability caused by excessive SAMLRequest decompression, addressed in the Keycloak 26.4 release cycle.
  • CVE-2026-3047: An authentication bypass related to the SAML broker, also resolved in recent releases.

This pattern indicates that the SAML subsystem is currently a focal area for both external security research and internal vendor remediation. The recurrence of SAML related vulnerabilities suggests that organizations relying on Keycloak's SAML capabilities should pay close attention to release notes and security advisories.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization