Cyber Posture

CVE-2026-7307

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 19 May 2026

Published
19 May 2026
Modified
20 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0008 23.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7307 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a…

more

Denial of Service (DoS) where the server becomes unavailable.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-1286

References