CVE-2026-9803 in Keycloakthông tin

Tóm tắt

Bởi MITRE • 28/05/2026

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

Redhat

Đặt trước

28/05/2026

Tiết lộ

28/05/2026

Kiểm duyệt

được chấp nhận

mục

VDB-366582

CPE

sẵn sàng

CWE

CWE-125 (Đã xác nhận)

CVSS

5.3 (CNA)

EPSS

0.00095

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9803
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9803
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9803/

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!