CVE-2026-7571

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A security control intended to disable the implicit flow in OpenID Connect (OIDC) clients can be bypassed. A low-privilege user with knowledge of user credentials and client ID can manipulate client data during a session restart to obtain an unauthorized access token. This process may lead to the exposure of access tokens in server logs, proxy logs, and HTTP Referrer headers, causing sensitive information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.