GHSA-fwhw-chw4-gh37

Опубликовано: 02 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 2.7

Описание

Keycloak Server-Side Request Forgery (SSRF) vulnerability

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-parent

maven

Затронутые версииВерсия исправления

<= 26.5.2

Отсутствует

EPSS

Процентиль: 6%

0.00024

Низкий

2.7 Low

CVSS3

CVE ID

CVE-2026-1518

Дефекты

CWE-918

Связанные уязвимости

CVE-2026-1518

CVSS3: 2.7

nvd

6 дней назад

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

CVE-2026-1518

CVSS3: 2.7

debian

6 дней назад

A flaw was found in Keycloak\u2019s CIBA feature where insufficient va ...

EPSS

Процентиль: 6%

0.00024

Низкий

2.7 Low

CVSS3

CVE ID

CVE-2026-1518

Дефекты

CWE-918