CVEFinder.io

CVE-2026-7507

⚠️ high
🔍 Scan for this CVE
Summary

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which processes session handles without adequate CSRF protection or cookie ownership validation—an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim t

Description

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which processes session handles without adequate CSRF protection or cookie ownership validation—an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim transparently upon clicking the link, allowing the attacker to hijack the required-action form without needing the victim's credentials. A successful exploit could lead to complete account takeover, including highly privileged administrative accounts.

CVSS Score
7.5
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-19
First Seen: 2026-05-20
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 326,604 vulnerabilities in our database.

#101,315
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 19, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Red Hat would like to thank Hacking Team (Calif.io) for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-06-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-290

📦 Affected Products 1

Vendor Product Status Affected Versions
redhat build_of_keycloak Affected
> 26.4 < 26.4.12

🔗 References 6

https://access.redhat.com/errata/RHSA-2026:19594
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19595
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19596
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19597
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-7507
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2464145
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-9791 🔶 medium 4.3 0.0 A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by acces... 2026-05-28
CVE-2026-9792 🔶 medium 6.5 0.0 A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When cer... 2026-05-28
CVE-2026-9793 🔶 medium 5.9 0.0 A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incor... 2026-05-28
CVE-2026-9794 🔶 medium 5.3 0.0 A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially cra... 2026-05-28
CVE-2026-9795 ⚠️ high 7.3 0.0 A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client man... 2026-05-28
CVE-2026-9796 🔶 medium 6.5 0.0 A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check ... 2026-05-28
These CVEs affect the same products