Lucene search

4 matches found

OSV
added 2026/01/08 6:31 a.m. | 3 views

GHSA-GV94-WP4H-VV8P Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00361
Exploits: 0 | References: 7
ATTACKERKB
added 2026/01/08 3:41 a.m. | 7 views

CVE-2026-0707

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00361
Exploits: 0 | References: 5
CVE
added 2026/01/08 3:41 a.m. | 28 views

CVE-2026-0707

CVE-2026-0707 affects Keycloak’s Authorization header parser, which is overly permissive with the Bearer scheme. The vulnerability accepts non-standard separators (e.g., tabs) and tolerates case variations that deviate from RFC 6750, enabling potential authentication handling bypasses. Public sou...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00361
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/08 12:0 a.m. | 5 views

PT-2026-1976

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters, such as tabs, as separators...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00361
Exploits: 0 | References: 14