CVE-2026-7507

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A session fixation issue exists in the login-actions endpoints. An unauthenticated attacker can pre-create an authentication session and trick a victim into visiting a malicious link. By using the '/login-actions/restart' endpoint, which lacks sufficient CSRF (Cross-Site Request Forgery) protection and cookie ownership validation, the attacker can reset the authentication flow state. This allows Single Sign-On (SSO) to authenticate the victim transparently, enabling the attacker to hijack the required-action form without credentials. This can result in full account takeover, including administrative accounts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.