Red Hat Build Of Keycloak 26 6
Monthly
Signature-verification bypass in Keycloak (and Red Hat's Keycloak-based products such as Red Hat Single Sign-On 7 and Red Hat Build of Keycloak 26.6/26.6.4) lets an attacker holding valid client credentials abuse a JWT algorithm-confusion weakness in the JWT Authorization Grant flow to forge client assertions and mint unauthorized access tokens. The forged tokens allow impersonation of any federated user tied to the affected Identity Provider, yielding unauthorized access and potential privilege escalation. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; Red Hat rates it 8.1 (High).
Signature-verification bypass in Keycloak (and Red Hat's Keycloak-based products such as Red Hat Single Sign-On 7 and Red Hat Build of Keycloak 26.6/26.6.4) lets an attacker holding valid client credentials abuse a JWT algorithm-confusion weakness in the JWT Authorization Grant flow to forge client assertions and mint unauthorized access tokens. The forged tokens allow impersonation of any federated user tied to the affected Identity Provider, yielding unauthorized access and potential privilege escalation. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; Red Hat rates it 8.1 (High).