PT-2026-1976 · Red Hat · Keycloak
Guanping Zhang · Published 2026-01-08 · Updated 2026-03-05 · CVE-2026-0707
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: The Keycloak Authorization header parser is overly permissive about the formatting of the "Bearer" authentication scheme. It accepts non-standard characters, such as tabs, as the separator between scheme and token, and tolerates case variations in the scheme name that deviate from RFC 6750. This could potentially lead to a security control bypass.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
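Added example, not Keycloak's code nor part of the advisory: a strict Bearer credential parser following the RFC 6750 ABNF as the advisory reads it (exact "Bearer" spelling, SP-only separator, b64token) beside a hypothetical lenient parser that models the permissive behaviour described, plus a classifier a defender could run over logged Authorization values to flag headers that only the lenient parser would accept. The sample header values are constructed.

```python
import re

# RFC 6750 §2.1 ABNF:  credentials = "Bearer" 1*SP b64token
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# Strict reading used here (the advisory's framing): scheme spelled exactly
# "Bearer", one or more SP (0x20) only, then a b64token and nothing else.
STRICT_BEARER = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)")


def parse_bearer_strict(header):
    """Return the token if `header` is a conformant Bearer credential, else None."""
    if header is None:
        return None
    m = STRICT_BEARER.fullmatch(header)
    return m.group(1) if m else None


def parse_bearer_lenient(header):
    """Hypothetical model of the permissive behaviour the advisory describes
    (not Keycloak's implementation): any whitespace run splits scheme from
    token, and the scheme name is compared case-insensitively."""
    if header is None:
        return None
    parts = header.split(None, 1)  # splits on tabs, multiple spaces, etc.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def classify(header):
    """Label a header value: 'conformant', 'nonconformant-accepted' (only the
    lenient parser takes it; worth flagging in logs), or 'rejected' by both."""
    if parse_bearer_strict(header) is not None:
        return "conformant"
    if parse_bearer_lenient(header) is not None:
        return "nonconformant-accepted"
    return "rejected"


# Constructed sample values, as they might appear in access logs.
SAMPLES = [
    "Bearer eyJhbGciOi.payload.sig",   # spec-conformant
    "Bearer\teyJhbGciOi.payload.sig",  # tab used as separator
    "bEaReR eyJhbGciOi.payload.sig",   # scheme-name case variation
    "Basic dXNlcjpwYXNz",              # different scheme, rejected by both
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify(h):24} {h!r}")
```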

Weakness Enumeration

Related Identifiers

CVE-2026-0707
GHSA-GV94-WP4H-VV8P

Affected Products

Keycloak