{"api_version":"1","generated_at":"2026-06-04T03:26:46+00:00","cve":"CVE-2026-9803","urls":{"html":"https://cve.report/CVE-2026-9803","api":"https://cve.report/api/cve/CVE-2026-9803.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-9803","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-9803"},"summary":{"title":"Keycloak: keycloak: denial of service via malformed authorization header","description":"A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-05-28 06:16:29","updated_at":"2026-06-03 19:28:55"},"problem_types":["CWE-125","CWE-125 Out-of-bounds Read"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-9803","name":"https://access.redhat.com/security/cve/CVE-2026-9803","refsource":"secalert@redhat.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482465","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2482465","refsource":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9803","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9803","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Build of Keycloak","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-05-28T04:02:15.892Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-05-28T04:03:01.292Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Mustafa Çetin for reporting this issue.","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"9803","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"build_of_keycloak","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"9803","cve":"CVE-2026-9803","epss":"0.000950000","percentile":"0.264230000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:34"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-9803","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-28T13:09:44.442993Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-28T13:10:07.051Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"affected","packageName":"rhbk/keycloak-rhel9","product":"Red Hat Build of Keycloak","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Mustafa Çetin for reporting this issue."}],"datePublic":"2026-05-28T04:03:01.292Z","descriptions":[{"lang":"en","value":"A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-28T04:47:10.485Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-9803"},{"name":"RHBZ#2482465","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482465"}],"timeline":[{"lang":"en","time":"2026-05-28T04:02:15.892Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-28T04:03:01.292Z","value":"Made public."}],"title":"Keycloak: keycloak: denial of service via malformed authorization header","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-125: Out-of-bounds Read"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-9803","datePublished":"2026-05-28T04:47:10.485Z","dateReserved":"2026-05-28T04:02:28.881Z","dateUpdated":"2026-05-28T13:10:07.051Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 06:16:29","lastModifiedDate":"2026-06-03 19:28:55","problem_types":["CWE-125","CWE-125 Out-of-bounds Read"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*","matchCriteriaId":"E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"9803","Ordinal":"1","Title":"Keycloak: keycloak: denial of service via malformed authorizatio","CVE":"CVE-2026-9803","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"9803","Ordinal":"1","NoteData":"A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.","Type":"Description","Title":"Keycloak: keycloak: denial of service via malformed authorizatio"}]}}}