CVE-2026-0707 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-0707 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.

EPSS 0.03% · 8.2th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.03%

8.2th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat build of Keycloak 26.4	26.4.10-1
Red Hat	Red Hat build of Keycloak 26.4	26.4-12
Red Hat	Red Hat build of Keycloak 26.4	26.4-12
Maven	org.keycloak:keycloak-parent	0
Red Hat	Red Hat build of Keycloak 26.4.10

Timeline

Jan 8, 2026 CVE Published
Jan 8, 2026 EPSS Score
Jan 11, 2026 EPSS Score
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 18, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 3, 2026 EPSS Score

References

RHSA-2026:3947 vendor-advisory
RHSA-2026:3948 vendor-advisory
https://access.redhat.com/security/cve/CVE-2026-0707 vdb
RHBZ#2427768 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-0707 advisory
https://github.com/keycloak/keycloak package

Open in Interactive Console →