CVE-2026-9801: Improper Validation of Specified Quantity in Input in Red Hat Red Hat Build of Keycloak
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.
AI Analysis
Technical Summary
This vulnerability in Red Hat Build of Keycloak allows a remote attacker with high privileges, such as a realm administrator or an attacker controlling an upstream LDAP server, to send a malformed LDAP password policy response during authentication. This malformed response triggers an OutOfMemoryError in the Keycloak Java Virtual Machine, causing it to terminate and resulting in a denial of service affecting all realms on the node. The CVSS 3.1 score is 4.9 (medium severity) with network attack vector, low complexity, high privileges required, no user interaction, and impact limited to availability.
Potential Impact
Successful exploitation causes the Keycloak JVM to terminate due to an OutOfMemoryError, leading to a denial of service for all realms hosted on the affected node. There is no impact on confidentiality or integrity reported. The disruption affects availability only.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-9801 for current remediation guidance. No official fix or workaround is documented in the provided advisory content at this time.
CVE-2026-9801: Improper Validation of Specified Quantity in Input in Red Hat Red Hat Build of Keycloak
Description
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.
CVSS v3.1
Score 4.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Red Hat Build of Keycloak allows a remote attacker with high privileges, such as a realm administrator or an attacker controlling an upstream LDAP server, to send a malformed LDAP password policy response during authentication. This malformed response triggers an OutOfMemoryError in the Keycloak Java Virtual Machine, causing it to terminate and resulting in a denial of service affecting all realms on the node. The CVSS 3.1 score is 4.9 (medium severity) with network attack vector, low complexity, high privileges required, no user interaction, and impact limited to availability.
Potential Impact
Successful exploitation causes the Keycloak JVM to terminate due to an OutOfMemoryError, leading to a denial of service for all realms hosted on the affected node. There is no impact on confidentiality or integrity reported. The disruption affects availability only.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-9801 for current remediation guidance. No official fix or workaround is documented in the provided advisory content at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-05-28T04:00:46.722Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-9801","vendor":"Red Hat"}]
Threat ID: 6a17daeae29bf47b50b180f6
Added to database: 5/28/2026, 6:04:26 AM
Last enriched: 5/28/2026, 6:18:44 AM
Last updated: 5/29/2026, 4:03:39 PM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.