CVE-2026-7507

Red Hat (Keycloak) · Keycloak

A session fixation vulnerability exists in Keycloak's login-actions endpoints, potentially allowing attackers to hijack user sessions.

Executive summary

A session fixation vulnerability in Keycloak's login-actions endpoints could allow an attacker to compromise the integrity of user sessions.

Vulnerability

This is a session fixation vulnerability in Keycloak's login-actions endpoints. The flaw allows an attacker to manipulate or fix a session identifier in advance, which may lead to unauthorized account access if the attacker can force a user to authenticate with that pre-determined session ID.

Business impact

A successful exploit could allow an attacker to hijack active user sessions, leading to unauthorized access to sensitive application data and administrative functions. With a CVSS score of 7.5, this vulnerability poses a significant risk to the security and confidentiality of user accounts within the identity management environment.

Remediation

Immediate Action: Apply the latest security patches provided by the Keycloak vendor.

Proactive Monitoring: Review access logs for anomalous session activity and investigate any unusual login patterns or session token reuse.

Compensating Controls: Ensure that session management best practices are enforced, such as strict session timeout policies and the use of secure, HTTP-only session cookies.
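The mechanism described under Vulnerability and the controls listed under Remediation, as an added example that is not code from the original advisory or from Keycloak: a constructed in-memory session store contrasting a login that keeps the pre-authentication identifier (the behaviour session fixation relies on) with one that rotates it, plus the idle timeout and cookie attributes the advisory recommends. All function names, the store layout and the timeout value are assumptions for illustration.

```python
import secrets

# Constructed in-memory session store (not Keycloak's implementation) contrasting
# a login that keeps the identifier the client arrived with, which is what
# session fixation relies on, with one that issues a fresh identifier on login.
IDLE_TIMEOUT = 600  # seconds of inactivity before a session is discarded (assumed value)

def new_session(store, now):
    sid = secrets.token_urlsafe(32)
    store[sid] = {"user": None, "last_seen": now}
    return sid

def login_fixation_prone(store, sid, user, now):
    # Authenticates the existing session in place: anyone who knew `sid`
    # before login also knows the authenticated session id afterwards.
    store[sid].update(user=user, last_seen=now)
    return sid

def login_rotating(store, sid, user, now):
    # Invalidate the pre-authentication id and bind the user to a new one,
    # so an identifier fixed before login is useless afterwards.
    store.pop(sid, None)
    fresh = new_session(store, now)
    store[fresh]["user"] = user
    return fresh

def current_user(store, sid, now):
    # Resolve a cookie value to a user, enforcing the idle timeout.
    sess = store.get(sid)
    if sess is None:
        return None
    if now - sess["last_seen"] > IDLE_TIMEOUT:
        del store[sid]
        return None
    sess["last_seen"] = now
    return sess["user"]

def set_cookie_header(sid):
    # Cookie attributes the advisory names as compensating controls.
    return f"SESSION={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"

def fixation_check(login):
    # Does an id known before authentication still resolve to the user after it?
    store, t0 = {}, 1000.0
    known = new_session(store, t0)
    login(store, known, "alice", t0 + 1)
    return current_user(store, known, t0 + 2)
```

Running `fixation_check` with each login function shows which flow leaves a pre-authentication identifier valid after login; the rotating flow also serves as a model for what a patched endpoint should guarantee.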

Exploitation status

Public Exploit Available: false

Analyst recommendation

Identity management systems are high-value targets, so this vulnerability should be remediated as a priority. Administrators must apply the vendor-supplied patches promptly to preserve the integrity of the authentication flow and protect against session hijacking.