{
  "variant_outcome": "alternate_trigger_confirmed",
  "is_bypass": false,
  "is_distinct_variant": true,
  "variant_reproduced_on_vulnerable": true,
  "variant_reproduced_on_fixed": false,
  "repro_result": "alternate_trigger",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "privilege_escalation",
  "observed_impact_class": "authz_bypass",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Forged HS256 JWT subject_token signed with the OIDC IdP's RSA public key DER bytes as the HMAC secret, submitted via grant_type=urn:ietf:params:oauth:grant-type:token-exchange (subject_token_type=urn:ietf:params:oauth:token-type:jwt, subject_issuer=<oidc-idp>)",
  "trigger_path": "POST /realms/{realm}/protocol/openid-connect/token grant_type=urn:ietf:params:oauth:grant-type:token-exchange + subject_token=<forged HS256 JWT> + subject_token_type=urn:ietf:params:oauth:token-type:jwt + subject_issuer=<oidc-idp> -> OIDCIdentityProvider.exchangeExternalImpl -> validateJwt -> verifySignature -> HardcodedPublicKeyLoader (HMAC branch on vulnerable)",
  "vulnerable_version_result": {
    "image": "quay.io/keycloak/keycloak:26.6.3",
    "http_status": 200,
    "outcome": "ACCEPTED",
    "issued_token_subject": "basic-user (preferred_username=basic-user, azp=te-client, iss=http://localhost:8080/realms/test-realm)"
  },
  "fixed_version_result": {
    "image": "quay.io/keycloak/keycloak:26.6.4",
    "http_status": 400,
    "outcome": "REJECTED",
    "error": "invalid_token",
    "error_description": "invalid token"
  },
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": "Fixed 26.6.4 rejects the forged HS256 subject_token (HardcodedPublicKeyLoader HMAC branch removed -> null key -> verifySignature fails -> invalid_token). This is the fix's Layer 2; the fix's Layer 1 (AbstractBaseJWTValidator.validateSignatureAlgorithm algorithm-type gate) does NOT run on the OIDC external token-exchange path, so this entry point is defended only by Layer 2.",
  "fix_coverage_for_variant": "covered_by_layer2_only",
  "same_root_cause_as_parent": true,
  "distinct_entry_point_from_parent": true,
  "trust_boundary_crossed": "network API (Keycloak OIDC token endpoint) - attacker submits forged subject_token JWT",
  "inferred": false,
  "notes": "Confirmed distinct alternate trigger (different entry point, same root cause/sink). Not a bypass: the released fix (26.6.4) rejects the forged token. The finding is actionable: the fix's primary algorithm-type gate does not cover the OIDC external token-exchange (and broker ID-token) verifySignature path; it relies solely on HardcodedPublicKeyLoader not reintroducing an HMAC branch. Recommendation: add an algorithm-type allow-list check to OIDCIdentityProvider.verifySignature()."
}
