{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9801", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-05-28T04:00:46.722Z", "datePublished": "2026-05-28T04:42:10.331Z", "dateUpdated": "2026-05-28T04:42:10.331Z"}, "containers": {"cna": {"title": "Keycloak: keycloak: denial of service via malformed ldap password policy response", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Build of Keycloak", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:build_keycloak:"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-9801", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482473", "name": "RHBZ#2482473", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-05-28T04:18:25.872Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1284: Improper Validation of Specified Quantity in Input", "workarounds": [{"lang": "en", "value": "To mitigate this vulnerability, ensure that Keycloak's LDAP user-storage providers are configured to connect only to trusted and secure LDAP servers. Avoid configuring LDAP federation with unverified or potentially malicious LDAP endpoints. Additionally, always use TLS for LDAP connections to prevent Man-in-the-Middle attacks. If an upstream LDAP server is compromised, it should be isolated and secured immediately."}], "timeline": [{"lang": "en", "time": "2026-05-28T04:00:39.339Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-28T04:18:25.872Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Seongkuk Park for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-28T04:42:10.331Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node."}], "id": "CVE-2026-9801", "lastModified": "2026-05-28T06:16:29.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-05-28T06:16:29.493", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-9801"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482473"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Red Hat Build of Keycloak", "source": "cna", "vendor": "Red Hat"}, "product": "build_of_keycloak", "vendor": "redhat"}], "created": "2026-05-28T08:00:10.923725+00:00", "updated": "2026-05-28T09:30:05.898338+00:00", "vendors": ["redhat", "redhat$PRODUCT$build_of_keycloak"]}