OpenID Connect Token Bypass Vulnerability in Keycloak by Red Hat
CVE-2026-7571

7.1 HIGH

What is CVE-2026-7571?

A security vulnerability in Keycloak allows a low-privilege user who knows their own credentials and a client ID to bypass the control that is meant to disable the implicit flow for OpenID Connect (OIDC) clients. By manipulating client data during a session restart, the attacker can obtain access tokens that the client configuration was intended to withhold. Because the implicit flow delivers tokens in the URL, the tokens obtained this way may also end up in server logs, proxy logs, and HTTP Referer headers, creating a risk of sensitive data leakage.
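As an added example (not from the advisory or the Keycloak project), a defender-side check covering both halves of the issue: it reads a Keycloak realm export to find clients whose implicit flow is disabled, then scans access-log lines for implicit-flow authorization requests made on behalf of those clients and for any request URL carrying a token, which is the leakage path into logs and Referer headers. The realm name, client names, and log lines are constructed; the export field `implicitFlowEnabled` and the `/protocol/openid-connect/auth` endpoint are Keycloak's own.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Constructed excerpt of a Keycloak realm export (only the fields the audit needs).
REALM_EXPORT = json.loads("""{"clients": [
  {"clientId": "web-app", "implicitFlowEnabled": false, "standardFlowEnabled": true},
  {"clientId": "legacy-spa", "implicitFlowEnabled": true, "standardFlowEnabled": true}
]}""")

# Constructed access-log lines in combined-log shape (not real Keycloak output).
ACCESS_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:01 +0000] "GET /realms/demo/protocol/openid-connect/auth'
    '?client_id=web-app&response_type=code&redirect_uri=https%3A%2F%2Fapp%2Fcb HTTP/1.1" 302 -',
    '10.0.0.5 - - [01/Jan/2026:10:00:09 +0000] "GET /realms/demo/protocol/openid-connect/auth'
    '?client_id=web-app&response_type=id_token%20token&redirect_uri=https%3A%2F%2Fapp%2Fcb HTTP/1.1" 302 -',
    '10.0.0.7 - - [01/Jan/2026:10:01:00 +0000] "GET /realms/demo/protocol/openid-connect/auth'
    '?client_id=legacy-spa&response_type=token HTTP/1.1" 302 -',
    '10.0.0.9 - - [01/Jan/2026:10:02:00 +0000] "GET /app/cb?access_token=eyJhbGciOi.REDACTED.sig'
    '&state=xyz HTTP/1.1" 200 - "https://sso.example/realms/demo/"',
]

REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
IMPLICIT_TYPES = {"token", "id_token"}      # response_type values that mean implicit flow
TOKEN_PARAMS = {"access_token", "id_token"}  # token-bearing query parameters

def implicit_disabled_clients(export):
    """Client IDs whose configuration disables the OIDC implicit flow."""
    return {c["clientId"] for c in export["clients"] if not c.get("implicitFlowEnabled", False)}

def find_findings(log_lines, export):
    """Return (finding, detail) pairs: implicit-flow auth requests for clients that have
    it disabled, and any request whose query string carries a token."""
    disabled = implicit_disabled_clients(export)
    findings = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group(1))
        q = parse_qs(url.query)
        if url.path.endswith("/protocol/openid-connect/auth"):
            client = q.get("client_id", [""])[0]
            rtypes = set(q.get("response_type", [""])[0].split())
            if client in disabled and rtypes & IMPLICIT_TYPES:
                findings.append(("implicit_request_for_disabled_client", client))
        if TOKEN_PARAMS.intersection(q):
            findings.append(("token_in_url", url.path))
    return findings
```

Run against real logs, the second finding type is also the signal to rotate any token that appears in the URL, since it is already in the log store.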

Affected Version(s)

Red Hat build of Keycloak 26.4 26.4.12-1

Red Hat build of Keycloak 26.4 26.4-17

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Red Hat would like to thank Evan Hendra for reporting this issue.