GHSA-fwhw-chw4-gh37

Опубликовано: 02 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 2.7

Описание

Keycloak Server-Side Request Forgery (SSRF) vulnerability

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-parent

maven

Затронутые версииВерсия исправления

<= 26.5.2

Отсутствует

EPSS

Процентиль: 1%

0.00011

Низкий

2.7 Low

CVSS3

CVE ID

CVE-2026-1518

Дефекты

CWE-918

Связанные уязвимости

CVE-2026-1518

CVSS3: 2.7

redhat

2 месяца назад

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

CVE-2026-1518

CVSS3: 2.7

nvd

около 2 месяцев назад

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

CVE-2026-1518

CVSS3: 2.7

debian

около 2 месяцев назад

A flaw was found in Keycloak\u2019s CIBA feature where insufficient va ...

EPSS

Процентиль: 1%

0.00011

Низкий

2.7 Low

CVSS3

CVE ID

CVE-2026-1518

Дефекты

CWE-918