CVE-2026-7507
Published: May 19, 2026
Modified: May 20, 2026
CVSS v3.1
7.5
Description
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which processes session handles without adequate CSRF protection or cookie ownership validation—an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim transparently upon clicking the link, allowing the attacker to hijack the required-action form without needing the victim's credentials. A successful exploit could lead to complete account takeover, including highly privileged administrative accounts.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat build of Keycloak 26.2 | unaffected 26.2.16-1 - < * |
Red Hat | Red Hat build of Keycloak 26.2 | unaffected 26.2-21 - < * |
Red Hat | Red Hat build of Keycloak 26.2 | unaffected 26.2-21 - < * |
Red Hat | Red Hat build of Keycloak 26.2.16 | All versions |
Red Hat | Red Hat build of Keycloak 26.4 | unaffected 26.4.12-1 - < * |
Red Hat | Red Hat build of Keycloak 26.4 | unaffected 26.4-17 - < * |
Red Hat | Red Hat build of Keycloak 26.4 | unaffected 26.4-17 - < * |
Red Hat | Red Hat build of Keycloak 26.4.12 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now