Cyber Resilience

CVE-2026-7571

HighUpdated

Published: 19 May 2026

Published
19 May 2026
Modified
03 June 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0034 26.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7571 is a high-severity External Control of Assumed-Immutable Web Parameter (CWE-472) vulnerability in Redhat Build Of Keycloak. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clients. By manipulating client data during a session…

more

restart, an attacker can obtain an access token that should not be available. This vulnerability can also lead to the exposure of these access tokens in server logs, proxy logs, and HTTP Referrer headers, resulting in sensitive information disclosure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1550.001 Application Access Token Lateral Movement
Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems.
Why these techniques?

The flaw directly enables exploitation of a public-facing OIDC/IAM service (T1190) to illicitly obtain and abuse application access tokens (T1550.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7507Same product: Redhat Build Of Keycloak
CVE-2026-7504Same product: Redhat Build Of Keycloak
CVE-2026-3872Same product: Redhat Build Of Keycloak
CVE-2026-4282Same product: Redhat Build Of Keycloak
CVE-2026-4636Same product: Redhat Build Of Keycloak
CVE-2026-4634Same product: Redhat Build Of Keycloak
CVE-2026-7307Same product: Redhat Build Of Keycloak
CVE-2026-9795Same product: Redhat Build Of Keycloak
CVE-2026-3047Same product: Redhat Build Of Keycloak
CVE-2026-3009Same product: Redhat Build Of Keycloak

Affected Assets

redhat
build of keycloak
26.4 — 26.4.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References