A JWT algorithm confusion vulnerability was found in Keycloak's JWT Authorization Grant flow . A flaw in the signature verification logic allows an attacker with valid client credentials to submit a forged assertion using alg=HS256 with the Identity Provider's public key bytes as the HMAC secret, bypassing asymmetric signature verification. This enables the attacker to mint access tokens and impersonate any federated user linked to the affected IdP. The vulnerability requires an IdP configured with jwtAuthorizationGrantEnabled=true, a hardcoded public key (useJwksUrl=false), and no pinned assertion signature algorithm (the default).