CVE Catalog

CVE-2026-9801

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile - higher than 38% of all known CVEs

Summary

A flaw was found in Keycloak where a remote attacker with high privileges (e.g., a realm administrator configuring a malicious LDAP server or an attacker compromising an upstream LDAP server) can trigger an OutOfMemoryError by sending a malformed LDAP password policy response during a password authentication request. This causes the Keycloak JVM to terminate, leading to a denial of service (DoS) for all realms on the affected node.

Risk Assessment

The risk is a complete shutdown of the Keycloak service for all realms on the affected node, preventing authentication and identity management, causing a major disruption to applications relying on this system.

Recommendation

It is recommended to immediately update Keycloak to a patched version and restrict trust for configured LDAP servers to trusted sources only. Also monitor logs for unusual memory errors.

Original NVD description (English source)

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS