CVE-2026-1518 – Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak

CVE ID : CVE-2026-1518

Published : Feb. 2, 2026, 8:16 a.m. | 59 minutes ago

Description : A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-9974 – Insufficient Input Validation on WEBUI in Nokia ONT/Beacon product

CVE-2026-20419 – Cisco WLAN AP/STA Firmware Denial of Service Vulnerability

CVE-2026-20418 – Windows Cisco Router Out-of-Bounds Write Privilege Escalation

CVE-2026-20417 – Broadcom PCIe Missing Bounds Check Out-of-Bounds Write Vulnerability