logo

Database

Server-side request forgery (SSRF) In org.keycloak:keycloak-parent

Description

Keycloak Server-Side Request Forgery (SSRF) vulnerability A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-15182. NVD-2026-15183. OSV-2026-15184. GCVE-2026-15185. ACCESS-CVE-2026-1518

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=2433727

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.