Authentication mechanism absence or evasion in org.keycloak:keycloak-parent

Description

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from the RFC 6750 specification.
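The following added example (not Keycloak's code and not part of the advisory) contrasts a strict parse of the RFC 6750 `"Bearer" 1*SP b64token` grammar with a model of the permissive behaviour described above, so a gateway or log review can flag headers the two would treat differently. The lenient pattern is an assumption built only from the description, and the sample headers and token value are constructed.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
STRICT = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)")

# Model of the permissive parsing the advisory describes (assumption, not
# Keycloak's implementation): any casing of the scheme, tabs as separators.
LENIENT = re.compile(r"bearer[ \t]+(\S+)", re.IGNORECASE)


def strict_token(header):
    """Return the token only if the whole header matches RFC 6750."""
    m = STRICT.fullmatch(header)
    return m.group(1) if m else None


def lenient_token(header):
    """Return the token under the modelled permissive rules, else None."""
    m = LENIENT.fullmatch(header.strip())
    return m.group(1) if m else None


def classify(header):
    """'ok': strict accepts; 'mismatch': only lenient accepts; else 'reject'."""
    if strict_token(header) is not None:
        return "ok"
    return "mismatch" if lenient_token(header) is not None else "reject"


# Constructed Authorization header values; the token is a placeholder.
SAMPLES = [
    "Bearer abc.def.ghi",       # canonical form
    "bearer abc.def.ghi",       # case variation
    "Bearer\tabc.def.ghi",      # tab as separator
    "BEARER \t abc.def.ghi",    # both deviations
    "Basic dXNlcjpwYXNz",       # different scheme
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{classify(value):9} {value!r}")
```

Headers classified as `mismatch` are the ones where a component enforcing the strict grammar and a permissive backend would disagree about whether a bearer token is present.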

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions