Keycloak Client Registration Component Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Keycloak's ClientRegistrationAuth component. This issue allows remote, unauthenticated attackers to disrupt service by sending specially crafted POST requests with malformed 'Authorization: Bearer' headers to client registration endpoints. The vulnerability causes an ArrayIndexOutOfBoundsException, leading the server to return an HTTP 500 error and temporarily disrupting the affected service.
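The header-parsing failure the advisory describes, illustrated as an added Python example that is not Keycloak's code: a hypothetical fragile parser that reproduces the class of defect (an unchecked index into the split header value) beside a hardened parser that fails closed and turns malformed credentials into a 401 instead of an unhandled exception. The function names fragile_parse, parse_bearer_token and handle_request, the accepted token value and the sample header values are all constructed for the illustration.

```python
"""Safe parsing of an HTTP 'Authorization: Bearer' header value.

Added illustration, not Keycloak's code. fragile_parse() is a hypothetical
reconstruction of the *class* of defect the advisory describes (an
out-of-bounds index on a malformed header); the real Keycloak code is not
reproduced here. parse_bearer_token() shows the hardened form a defender
would want: malformed credentials become a 401, never an unhandled exception.
"""
import re
from typing import Optional

# RFC 6750 section 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample value; a real server validates a signed token instead.
VALID_TOKENS = {"tok-constructed-123"}

# Constructed header values covering the well-formed and malformed shapes.
SAMPLE_HEADERS = [
    "Bearer tok-constructed-123",  # well-formed
    "Bearer",                      # scheme only, no token
    "Bearer ",                     # trailing space, empty token
    "",                            # empty header value
    "Basic dXNlcjpwYXNz",          # wrong scheme
    "Bearer a b",                  # too many parts
]


def fragile_parse(header: str) -> str:
    """Hypothetical fragile parser (assumed, not Keycloak's code).

    Assumes the value always has the form 'Bearer <token>' and indexes the
    second element unchecked. 'Bearer' or '' raises IndexError, the Python
    analogue of Java's ArrayIndexOutOfBoundsException; 'Basic xyz' is
    silently accepted as a token because the scheme is never checked.
    """
    return header.split(" ")[1]


def parse_bearer_token(header: Optional[str]) -> Optional[str]:
    """Hardened parser: returns the token, or None for any malformed input.

    Requires exactly two whitespace-separated parts, a case-insensitive
    'Bearer' scheme (auth-scheme is case-insensitive per RFC 7235), and a
    token matching the RFC 6750 b64token grammar. Never raises on input shape.
    """
    if header is None:
        return None
    parts = header.split()  # split() also collapses repeated whitespace
    if len(parts) != 2:
        return None
    scheme, token = parts
    if scheme.lower() != "bearer" or not _B64TOKEN.fullmatch(token):
        return None
    return token


def handle_request(headers: dict) -> int:
    """HTTP status a registration endpoint should return for the given headers.

    Malformed or unknown credentials yield 401 (RFC 6750 also asks for a
    WWW-Authenticate: Bearer challenge); the parser failing closed is what
    keeps the malformed-header path away from a 500.
    """
    token = parse_bearer_token(headers.get("Authorization"))
    if token is None or token not in VALID_TOKENS:
        return 401
    return 200


def fragile_outcome(header: str) -> str:
    """repr of the token the fragile parser returns, or the exception name it raises."""
    try:
        return repr(fragile_parse(header))
    except IndexError as exc:
        return type(exc).__name__


def compare(headers=SAMPLE_HEADERS):
    """Side-by-side: (header, fragile parser outcome, hardened endpoint status)."""
    return [(h, fragile_outcome(h), handle_request({"Authorization": h})) for h in headers]


if __name__ == "__main__":
    for header, fragile, status in compare():
        print(f"{header!r:32} fragile={fragile:24} hardened_status={status}")
```

Running it prints one line per sample header: the bare 'Bearer' value and the empty value raise IndexError in the fragile version and receive a 401 from the hardened one, while the wrong-scheme value is accepted as a token by the fragile parser and rejected by the hardened one. On the detection side, the advisory's symptom is an HTTP 500 on a client-registration request that carries a malformed Authorization header, so a rise in 500 responses on those endpoints is the signal to alert on until the fix is deployed.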

Impact

Exploitation of this vulnerability causes a temporary denial-of-service condition on the Keycloak instance, as the server crashes or restarts due to the unhandled exception caused by the malformed authorization header.

Added: May 28, 2026, 6:18 AM
Updated: May 28, 2026, 6:18 AM

Vulnerability Rating

Custom Algorithm
  spread          5.2
  impact          0.6
  exploitability  8.3
  remediation     0.0
  relevance       9.7
  threat          0.0
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.