Keycloak LDAP Federation < 26.4.6 - Authenticated Deserialization of Untrusted Data via LDAP Server Configuration
A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.