CVE-2026-7571: External Control of Assumed-Immutable Web Parameter in Red Hat Red Hat Build of Keycloak
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens in server logs, proxy logs, and HTTP Referrer headers, resulting in sensitive information disclosure.
AI Analysis
Technical Summary
This vulnerability in Red Hat Build of Keycloak involves external control of an assumed-immutable web parameter. A low-privilege attacker with knowledge of user credentials and client ID can manipulate client data during session restart to bypass restrictions on the implicit flow in OpenID Connect clients. This results in unauthorized access token issuance and potential exposure of these tokens in various logs and HTTP headers. The issue affects the security of access tokens and could lead to sensitive information disclosure. The CVSS 3.1 score is 7.1 (high severity), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, low integrity impact, and no availability impact. The vendor advisory does not currently confirm patch availability or remediation status.
Potential Impact
An attacker with low privileges and knowledge of user credentials and client ID can bypass intended security controls to obtain access tokens that should be unavailable. These tokens may be exposed in server logs, proxy logs, and HTTP Referrer headers, potentially leading to sensitive information disclosure. The vulnerability impacts confidentiality significantly but has limited impact on integrity and no impact on availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-7571 for current remediation guidance. Until a fix is available, restrict access to logs that may contain sensitive tokens and monitor for unusual token issuance patterns. Avoid relying solely on disabling implicit flow controls as a security measure. Follow vendor updates closely for official patches or mitigations.
CVE-2026-7571: External Control of Assumed-Immutable Web Parameter in Red Hat Red Hat Build of Keycloak
Description
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens in server logs, proxy logs, and HTTP Referrer headers, resulting in sensitive information disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Red Hat Build of Keycloak involves external control of an assumed-immutable web parameter. A low-privilege attacker with knowledge of user credentials and client ID can manipulate client data during session restart to bypass restrictions on the implicit flow in OpenID Connect clients. This results in unauthorized access token issuance and potential exposure of these tokens in various logs and HTTP headers. The issue affects the security of access tokens and could lead to sensitive information disclosure. The CVSS 3.1 score is 7.1 (high severity), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, low integrity impact, and no availability impact. The vendor advisory does not currently confirm patch availability or remediation status.
Potential Impact
An attacker with low privileges and knowledge of user credentials and client ID can bypass intended security controls to obtain access tokens that should be unavailable. These tokens may be exposed in server logs, proxy logs, and HTTP Referrer headers, potentially leading to sensitive information disclosure. The vulnerability impacts confidentiality significantly but has limited impact on integrity and no impact on availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-7571 for current remediation guidance. Until a fix is available, restrict access to logs that may contain sensitive tokens and monitor for unusual token issuance patterns. Avoid relying solely on disabling implicit flow controls as a security measure. Follow vendor updates closely for official patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-30T22:21:27.850Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-7571","vendor":"Red Hat"}]
Threat ID: 6a0c47d9ec166c07b097b83d
Added to database: 5/19/2026, 11:22:01 AM
Last enriched: 5/19/2026, 11:36:35 AM
Last updated: 5/19/2026, 1:41:46 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.