Red Hat Keycloak LDAP User Federation Deserialization Vulnerability

Vulnerability

A deserialization vulnerability has been identified in the LDAP User Federation provider of the Red Hat build of Keycloak; the fixed releases are 26.2.11 (26.2 stream) and 26.4.6 (26.4 stream). An authenticated realm administrator can supply a malicious LDAP server configuration, for example by pointing the federation provider at an LDAP server under their control, and data returned by that server is then deserialized as Java objects by the Keycloak server, so untrusted input reaches the Java deserialization path.

Impact

Deserializing attacker-controlled objects lets the attacker corrupt application data or drive the server into an unexpected state, and, where a suitable gadget chain is present on the Keycloak classpath, Java deserialization flaws of this kind can be turned into arbitrary code execution on the Keycloak server. The precondition is a realm-administrator account (legitimate or compromised), so the practical risk is escalation from realm-level administration to control of the Keycloak host, which serves every other realm on that instance.

Remediation

Upgrade to the Red Hat build of Keycloak 26.4.6 (26.4 stream) or 26.2.11 (26.2 stream); both releases, including updated container images, are available through the Red Hat Customer Portal. Until the upgrade is applied, treat the realm-administrator role as a sensitive privilege, review existing LDAP user-federation providers for connection URLs that do not point at known directory servers, and restrict outbound LDAP/LDAPS connections from Keycloak hosts to those servers at the network level.
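The two checks above (is this instance on a fixed release, and does any realm's LDAP provider point somewhere it should not) as an added audit script; this is example code, not Red Hat's or the Keycloak project's own. It assumes the admin REST API shapes as Keycloak returns them: components from GET /admin/realms/{realm}/components carry providerId "ldap" for LDAP federation providers with config values stored as lists of strings, and GET /admin/serverinfo reports the version under systemInfo.version. The realm data below is constructed so the script runs offline.

```python
"""Audit checks for the Keycloak LDAP user-federation deserialization advisory.

Added example; not Red Hat's or the Keycloak project's code. Assumes the
admin REST API shapes used below (LDAP providers have providerId "ldap",
config values are lists of strings). Sample data is constructed inline.
"""
import re
from urllib.parse import urlparse

# Fixed releases named in the advisory, keyed by (major, minor) stream.
FIXED = {(26, 2): (26, 2, 11), (26, 4): (26, 4, 6)}


def parse_version(version):
    """Return (major, minor, patch); tolerates suffixes such as '.redhat-00001'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Keycloak version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version):
    """True/False when the version's stream is covered by the advisory, None otherwise."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    return None if fixed is None else v >= fixed


def ldap_host(url):
    """Hostname of an ldap:// or ldaps:// URL (None if it cannot be parsed)."""
    return urlparse(url).hostname


def audit_ldap_providers(realms, allowed_hosts):
    """Flag LDAP federation providers whose connection URL targets a non-allowlisted host.

    `realms` maps realm name -> list of component dicts as returned by the admin API.
    """
    findings = []
    for realm, components in realms.items():
        for comp in components:
            if comp.get("providerId") != "ldap":
                continue
            cfg = comp.get("config", {})
            # JNDI accepts a space-separated list of provider URLs in a single value.
            urls = [u for value in cfg.get("connectionUrl", []) for u in value.split()]
            for url in urls:
                host = ldap_host(url)
                if host not in allowed_hosts:
                    findings.append({"realm": realm, "provider": comp.get("name"),
                                     "url": url, "host": host})
    return findings


# Constructed sample: two realms, one with a provider pointing outside the directory allowlist.
ALLOWED_HOSTS = {"ldap.corp.example", "ldap2.corp.example"}
SAMPLE_REALMS = {
    "corp": [
        {"id": "a1", "name": "corp-ldap", "providerId": "ldap",
         "providerType": "org.keycloak.storage.UserStorageProvider",
         "config": {"connectionUrl": ["ldaps://ldap.corp.example:636 ldaps://ldap2.corp.example:636"],
                    "editMode": ["READ_ONLY"]}},
        {"id": "a2", "name": "corp-krb", "providerId": "kerberos",
         "providerType": "org.keycloak.storage.UserStorageProvider",
         "config": {"kerberosRealm": ["CORP.EXAMPLE"]}},
    ],
    "partners": [
        {"id": "b1", "name": "partner-ldap", "providerId": "ldap",
         "providerType": "org.keycloak.storage.UserStorageProvider",
         # A realm admin pointed this provider at an address no directory server lives on.
         "config": {"connectionUrl": ["ldap://203.0.113.10:389"], "editMode": ["WRITABLE"]}},
    ],
}

if __name__ == "__main__":
    for ver in ("26.2.10", "26.2.11.redhat-00001", "26.4.6", "25.0.6"):
        print(f"{ver}: fixed={is_fixed(ver)}")
    for f in audit_ldap_providers(SAMPLE_REALMS, ALLOWED_HOSTS):
        print(f"REVIEW realm={f['realm']} provider={f['provider']} url={f['url']}")
```

In a live environment, fetch each realm's component list with a service-account token and feed it to audit_ldap_providers; the allowlist check catches the exploit precondition (a federation provider aimed at an attacker-controlled server) whether or not the instance is already on a fixed release, which is why it is worth keeping as a standing control rather than a one-off check.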

Added: Nov 25, 2025, 4:20 PM
Updated: Nov 25, 2025, 10:56 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.