CVE-2026-7571

Sažetak

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens in server logs, proxy logs, and HTTP Referrer headers, resulting in sensitive information disclosure.

Reference

https://access.redhat.com/errata/RHSA-2026:19596
https://access.redhat.com/errata/RHSA-2026:19597
https://access.redhat.com/security/cve/CVE-2026-7571
https://bugzilla.redhat.com/show_bug.cgi?id=2464263

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

20-05-2026 - 17:16

Objavljeno

19-05-2026 - 12:16