CVE-2026-9803
EUVD-2026-3271928.05.2026, 06:16
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | build_of_keycloak | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References