Security Advisory

CVE-2026-9803

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-28 04:47:10

Last updated 2026-05-28 13:10:07

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloaks ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed Authorization: Bearer header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.

← Browse all CVEs View on cve.org ↗