Remote DoS Vulnerability in Keycloak by Malicious LDAP Server
CVE-2026-9801

4.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9801?

A vulnerability in Keycloak allows a remote attacker, especially those with realm administrator privileges, to exploit a flaw related to LDAP servers. When an attacker sends a malformed LDAP password policy response during the password authentication process, it triggers an OutOfMemoryError, causing the Java Virtual Machine (JVM) to crash. This results in a denial of service for all realms operating on the compromised node, leaving users unable to authenticate.

References

https://access.redhat.com/security/cve/CVE-2026-9801

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2482473

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 28, 2026

Credit

Red Hat would like to thank Seongkuk Park for reporting this issue.

CVE-2026-9801 Data

JSON