Remote DoS Vulnerability in Keycloak by Malicious LDAP Server
CVE-2026-9801

4.9MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Build Of Keycloak 26.6
Red Hat Build Of Keycloak 26.6.3
Red Hat Build Of Keycloak 26.6.4
Vendor
CVE Published:
28 May 2026

What is CVE-2026-9801?

A vulnerability in Keycloak allows a remote attacker, especially those with realm administrator privileges, to exploit a flaw related to LDAP servers. When an attacker sends a malformed LDAP password policy response during the password authentication process, it triggers an OutOfMemoryError, causing the Java Virtual Machine (JVM) to crash. This results in a denial of service for all realms operating on the compromised node, leaving users unable to authenticate.

Affected Version(s)

Red Hat build of Keycloak 26.6 26.6.3-3

Red Hat build of Keycloak 26.6 26.6-6

Red Hat build of Keycloak 26.6 26.6-6

References

https://access.redhat.com/errata/RHSA-2026:25097
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25098
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-9801
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Seongkuk Park for reporting this issue.
.