Tag
medium
threat
Keycloak OIDC Implicit Flow Bypass Vulnerability (CVE-2026-7571)
2 rules, 1 TTP, 1 CVE
CVE-2026-7571 describes a vulnerability in Keycloak where a low-privilege user can bypass security controls intended to disable the implicit flow in OpenID Connect (OIDC) clients by manipulating client data during session restart, potentially exposing access tokens.
Keycloak
oidc
implicit-flow
cve-2026-7571
credential-access
critical
advisory
OpenBao OIDC Direct Callback Authentication Bypass Vulnerability
2 rules, 1 TTP
OpenBao versions before 2.5.2 lack user confirmation for OIDC direct callback mode, allowing attackers to perform remote phishing and bypass authentication.
openbao
oidc
authentication-bypass
phishing