Authentication Scheme Parsing Bypass
org.keycloak, keycloak-parent is vulnerable to Authentication Scheme Parsing Bypass. The vulnerability is due to an overly permissive Authorization header parser that accepts non-standard separators such as tabs and improper case variations for the “Bearer” scheme, which allows an attacker to...
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...
CVE-2026-0707
CVE-2026-0707 Keycloak: keycloak authorization header parsing leading to potential security control bypass
ips-evasion.txt
Summarized from https://strikecenter.bpointsys.com/ Many commercial IPS products fail to decode HTTP requests which use 0x0c, 0x0b, and 0x0d instead of the normal 0x20/0x09 separators. A request in the following format will evade most IPS protocol decoders: $ echo -ne...