Description
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.
Published: 2026-05-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Keycloak's ClientRegistrationAuth component throws an ArrayIndexOutOfBoundsException when a client registration endpoint receives a malformed "Authorization: Bearer" header. The exception is not handled, so each such request is answered with an HTTP 500, and an attacker who repeats it can degrade availability of the affected service; the CVSS vector rates this as a Low availability impact (A:L) with no confidentiality or integrity impact. The advisory classifies the weakness as CWE-125 (out-of-bounds read): the component indexes past the end of an array derived from the header when the expected token part is absent, instead of rejecting the header as a client error. The impact is a denial of service for users that rely on the affected Keycloak service.

Affected Systems

The vulnerability affects Red Hat build of Keycloak (CPE cpe:/a:redhat:build_keycloak:). The advisory lists no specific version numbers, so any deployment of Red Hat build of Keycloak that has not been patched should be treated as affected until Red Hat states otherwise; the tracking data also lists the upstream Redhat keycloak product.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) gives a score of 5.3 (Medium): reachable over the network, no privileges or user interaction required, availability impact only. EPSS is below 1% and the CVE is not in KEV, and the SSVC assessment records Exploitation: none with Automatable: yes, so exploitation has not been observed at scale but would be easy to script. The attack requires only an unauthenticated POST to a client registration endpoint with a malformed "Authorization: Bearer" header, so anyone with network access to that endpoint can trigger it. A single request produces a single failed response; the denial of service comes from repeating it, and it can affect availability of the service for all clients using that Keycloak instance.
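Whether the exploitation picture above applies to a given deployment depends on whether malformed requests are actually arriving. As an added example, not part of the OpenCVE analysis and not from Red Hat or Keycloak, the following Python scans constructed access-log lines for HTTP 500 responses to POSTs on client-registration paths and groups them by source IP. The Combined-style log format is an assumption, as is the /realms/<realm>/clients-registrations/ path layout used for Keycloak's client registration API.

```python
"""Added triage example (constructed, not from OpenCVE, Red Hat or Keycloak):
find HTTP 500 responses to POSTs on client-registration endpoints in an
access log and group them by source IP.  Assumptions: the log is in a
Combined-style format as below, and the registration API lives under
/realms/<realm>/clients-registrations/."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
REGISTRATION_RE = re.compile(r'^/realms/[^/]+/clients-registrations/')

# Constructed sample lines; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/May/2026:07:10:01 +0000] "POST /realms/master/clients-registrations/default HTTP/1.1" 500 0
10.0.0.5 - - [28/May/2026:07:10:02 +0000] "POST /realms/master/clients-registrations/default HTTP/1.1" 500 0
10.0.0.5 - - [28/May/2026:07:10:03 +0000] "POST /realms/master/clients-registrations/openid-connect HTTP/1.1" 500 0
10.0.0.9 - - [28/May/2026:07:11:00 +0000] "POST /realms/master/clients-registrations/default HTTP/1.1" 401 97
10.0.0.9 - - [28/May/2026:07:11:05 +0000] "GET /realms/master/protocol/openid-connect/certs HTTP/1.1" 200 1420
10.0.0.7 - - [28/May/2026:07:12:00 +0000] "POST /realms/master/clients-registrations/default HTTP/1.1" 500 0
10.0.0.7 - - [28/May/2026:07:12:30 +0000] "POST /realms/master/protocol/openid-connect/token HTTP/1.1" 500 0
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one access-log line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def registration_failures(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(ip, timestamp, path) for every POST to a registration endpoint answered 500."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "POST" and rec["status"] == "500"
                and REGISTRATION_RE.match(rec["path"])):
            hits.append((rec["ip"], rec["ts"], rec["path"]))
    return hits


def suspicious_sources(lines: List[str], threshold: int = 3) -> Dict[str, int]:
    """Source IPs with at least `threshold` such failures.  A 500 alone is only
    a symptom (any unhandled error looks the same in the log), so treat a hit
    as a prompt to inspect the request headers at the proxy, not as proof."""
    counts = Counter(ip for ip, _, _ in registration_failures(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(len(registration_failures(lines)), "registration 500s")
    print(suspicious_sources(lines))
```

The 500 on the token endpoint in the sample is deliberately ignored: the check keys on the registration path, because that is where the advisory places the fault. Raise or lower the threshold to match the baseline rate of genuine registration errors in your environment.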

Generated by OpenCVE AI on May 28, 2026 at 07:22 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the vendor-issued patch or upgrade to a fixed Keycloak build as soon as one is available, then verify by sending a POST with a header of just "Authorization: Bearer" to a client registration endpoint and confirming a 4xx response rather than a 500.
  • If a patch is not yet released and dynamic client registration is not in use, disable the client registration endpoints until a fix is deployed; if it is in use, restrict access to those endpoints at the network or reverse-proxy layer to the sources that need them.
  • Configure a reverse proxy or web application firewall to reject requests whose Authorization header does not match the "Bearer <token>" syntax of RFC 6750 before they reach Keycloak. Reject only malformed headers, not absent ones: anonymous registration, where enabled, legitimately sends no Authorization header.
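As an added example, not Keycloak's code and not from the advisory, the following Python puts the bug class described under Impact beside the syntax check that a reverse-proxy filter would need to apply: a parser that reads element 1 of the split header unconditionally (and so raises, as the Java original does, on a header with no token) next to one that validates the RFC 6750 bearer syntax and returns None, plus a hypothetical request handler that shows why the first yields HTTP 500 and the second 401. The handler, the sample headers and the status mapping are assumptions.

```python
"""Added example (not Keycloak's source and not part of the advisory): the
bug class behind this CVE, a bearer-header parser that indexes into the split
header without a length check, beside a hardened parser, with a hypothetical
request handler showing why the first yields HTTP 500 and the second 401.
The same syntax check is what a reverse-proxy or WAF pre-filter would apply."""
import re
from typing import Callable, Dict, List, Optional, Tuple

# "Bearer" scheme (case-insensitive per RFC 7235) followed by a token68
# credential (RFC 6750 section 2.1).  Anchored so trailing junk is rejected.
BEARER_RE = re.compile(r"^bearer[ \t]+([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


def parse_bearer_fragile(header: str) -> str:
    """Pattern to avoid: split on a space and read element 1 unconditionally.
    "Bearer" with no token gives a one-element list and the read raises
    IndexError (the Java equivalent is ArrayIndexOutOfBoundsException).
    It also never checks the scheme, so "Basic ..." passes as a bearer token."""
    parts = header.split(" ")
    return parts[1]


def parse_bearer_hardened(header: Optional[str]) -> Optional[str]:
    """Return the token, or None for a missing or malformed bearer header.
    No exception can escape, so a bad header can only become a 4xx."""
    if header is None:
        return None
    m = BEARER_RE.match(header.strip())
    return m.group(1) if m else None


def handle_registration_request(headers: Dict[str, str],
                                parser: Callable[[str], Optional[str]]) -> int:
    """Hypothetical auth step of a client-registration endpoint; returns an
    HTTP status.  Validating the token against a store is out of scope."""
    try:
        token = parser(headers.get("Authorization", ""))
    except Exception:
        return 500   # unhandled exception surfaces as a server error
    if not token:
        return 401   # malformed or absent credentials are a client error
    return 200       # token would be validated here


# Constructed requests: (label, Authorization value); None means no header.
SAMPLES: List[Tuple[str, Optional[str]]] = [
    ("well-formed", "Bearer eyJhbGciOi.eyJzdWIiOi.SflKxw"),
    ("scheme only", "Bearer"),
    ("no header", None),
    ("wrong scheme", "Basic dXNlcjpwdw=="),
    ("trailing junk", "Bearer abc def"),
]


def compare_parsers() -> Dict[str, Tuple[int, int]]:
    """Map each sample label to (status with fragile parser, status with hardened parser)."""
    results = {}
    for label, value in SAMPLES:
        headers = {} if value is None else {"Authorization": value}
        results[label] = (
            handle_registration_request(headers, parse_bearer_fragile),
            handle_registration_request(headers, parse_bearer_hardened),
        )
    return results


if __name__ == "__main__":
    for label, (fragile, hardened) in compare_parsers().items():
        print(f"{label:14s} fragile={fragile} hardened={hardened}")
```

The hardened parser returns None for an absent header as well as a malformed one, which is right for the application's own auth step. A filter placed in front of Keycloak should apply the check only to requests that carry an Authorization header, since anonymous registration (when enabled) legitimately sends none; the "wrong scheme" row also shows that a pattern which skips the scheme check accepts credentials it was never meant to.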


Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Redhat keycloak
Vendors & Products                    Redhat keycloak

Thu, 28 May 2026 13:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 May 2026 12:15:00 +0000

Type         Values Removed          Values Added
References
Metrics      threat_severity: None   threat_severity: Moderate


Thu, 28 May 2026 06:00:00 +0000

Type                 Values Removed   Values Added
Description                           A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.
Title                                 Keycloak: keycloak: denial of service via malformed authorization header
First Time appeared                   Redhat; Redhat build Keycloak
Weaknesses                            CWE-125
CPEs                                  cpe:/a:redhat:build_keycloak:
Vendors & Products                    Redhat; Redhat build Keycloak
References
Metrics                               cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-28T13:10:07.051Z

Reserved: 2026-05-28T04:02:28.881Z

Link: CVE-2026-9803

Vulnrichment

Updated: 2026-05-28T13:10:03.763Z

NVD

Status : Undergoing Analysis

Published: 2026-05-28T06:16:29.750

Modified: 2026-05-28T13:44:54.327

Link: CVE-2026-9803

Redhat

Severity : Moderate

Public Date: 2026-05-28T04:03:01Z

Links: CVE-2026-9803 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T21:19:23Z

Weaknesses