[15:44:01] === CVE-2026-11800 VARIANT: Federated JWT Client Auth Algorithm Confusion === [15:44:01] Creating Docker network: kcnet-cve11800-variant [15:44:01] Pulling vulnerable image: quay.io/keycloak/keycloak:26.6.3 [15:44:02] Pulling fixed image: quay.io/keycloak/keycloak:26.6.4 [15:44:03] Starting vulnerable Keycloak (26.6.3)... [15:44:04] Starting fixed Keycloak (26.6.4)... [15:44:04] Starting Python client container... [15:44:09] Installing Python dependencies in client container... [15:44:13] Python dependencies installed. [15:44:13] Waiting for vulnerable Keycloak to be ready... [15:44:22] vulnerable Keycloak is UP (after 12s) [15:44:22] Waiting for fixed Keycloak to be ready... [15:44:23] fixed Keycloak is UP (after 3s) [15:44:23] Writing variant exploit script to client container... [15:44:23] Running variant exploit against both Keycloak instances... [15:58:58] === CVE-2026-11800 VARIANT: OIDC External Token Exchange Algorithm Confusion === [15:58:59] Pulling vulnerable image: quay.io/keycloak/keycloak:26.6.3 [15:59:01] Pulling fixed image: quay.io/keycloak/keycloak:26.6.4 [15:59:02] Starting vulnerable Keycloak (26.6.3) with --features=token-exchange,admin-fine-grained-authz:v1... [15:59:02] Starting fixed Keycloak (26.6.4) with --features=token-exchange,admin-fine-grained-authz:v1... [15:59:02] Starting Python client container... [15:59:08] Installing Python dependencies... [15:59:11] Waiting for vulnerable Keycloak to be ready... [15:59:21] vulnerable Keycloak is UP (after 12s) [15:59:21] Waiting for fixed Keycloak to be ready... [15:59:21] fixed Keycloak is UP (after 3s) [15:59:21] Copying variant exploit script to client container... [15:59:21] Running variant exploit against both Keycloak instances... [15:59:34] Exploit process exit code: 1 [15:59:34] Variant verdict: alternate_trigger [15:59:34] Capturing Keycloak server logs... [15:59:34] Resolving tested Keycloak image build metadata... [15:59:34] Wrote runtime_manifest.json [15:59:34] Cleaning up containers and network... [15:59:35] === Variant reproduction complete (verdict: alternate_trigger) === [15:59:47] === CVE-2026-11800 VARIANT: OIDC External Token Exchange Algorithm Confusion === [15:59:47] Pulling vulnerable image: quay.io/keycloak/keycloak:26.6.3 [15:59:49] Pulling fixed image: quay.io/keycloak/keycloak:26.6.4 [15:59:50] Starting vulnerable Keycloak (26.6.3) with --features=token-exchange,admin-fine-grained-authz:v1... [15:59:50] Starting fixed Keycloak (26.6.4) with --features=token-exchange,admin-fine-grained-authz:v1... [15:59:51] Starting Python client container... [15:59:56] Installing Python dependencies... [15:59:59] Waiting for vulnerable Keycloak to be ready... [16:00:09] vulnerable Keycloak is UP (after 12s) [16:00:09] Waiting for fixed Keycloak to be ready... [16:00:09] fixed Keycloak is UP (after 3s) [16:00:09] Copying variant exploit script to client container... [16:00:09] Running variant exploit against both Keycloak instances... [16:00:21] Exploit process exit code: 1 [16:00:21] Variant verdict: alternate_trigger [16:00:21] Capturing Keycloak server logs... [16:00:21] Resolving tested Keycloak image build metadata... [16:00:22] Wrote runtime_manifest.json [16:00:22] Cleaning up containers and network... [16:00:22] === Variant reproduction complete (verdict: alternate_trigger) ===