Skip to content
Threat Feed

Tag

Implicit-Flow

1 brief RSS
medium threat

Keycloak OIDC Implicit Flow Bypass Vulnerability (CVE-2026-7571)

CVE-2026-7571 describes a vulnerability in Keycloak where a low-privilege user can bypass security controls intended to disable the implicit flow in OpenID Connect (OIDC) clients by manipulating client data during session restart, potentially exposing access tokens.

Keycloak oidc implicit-flow cve-2026-7571 credential-access
2r 1t 1c