CVE-2026-0707
5.3 MEDIUMA flaw was found in Keycloak
Published: 2026-01-08 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-551
Description
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-0707
- [Other]https://access.redhat.com/errata/RHSA-2026:3947
- [Other]https://access.redhat.com/errata/RHSA-2026:3948
- [Other]https://access.redhat.com/security/cve/CVE-2026-0707
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=2427768
- [Other]https://github.com/keycloak/keycloak/issues/49433
Related CVEs
Same CWE
- CVE-2016-20030 — ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by s... (9.8 CRITICAL)