Keycloak does not invalidate offline sessions when the offline_access scope is removed
Moderate severity
GitHub Reviewed
Published
Oct 23, 2025
to the GitHub Advisory Database
•
Updated Feb 17, 2026
Give feedback on Dependabot alerts