Plateforme
java
Composant
org.keycloak:keycloak-parent
Corrigé dans
26.5.3
CVE-2026-1518 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the Client Initiation and Backchannel Authentication (CIBA) feature of Keycloak. This flaw allows attackers to potentially make requests to internal services within the Keycloak infrastructure, bypassing intended security boundaries. The vulnerability affects Keycloak versions up to 26.5.2. A fix is available in a later version; upgrading is the recommended remediation.
The SSRF vulnerability in Keycloak's CIBA feature allows an attacker to craft malicious client configurations that trigger requests to internal services. Because the validation of backchannel notification endpoints is insufficient, an attacker can effectively blind the Keycloak server to the destination of these requests. This could lead to unauthorized access to sensitive internal resources, such as databases, configuration files, or other internal APIs. While the CVSS score is LOW, the potential for lateral movement and data exfiltration within the Keycloak environment should not be underestimated. Exploitation could reveal internal network topology and expose critical infrastructure components.
CVE-2026-1518 was published on February 2, 2026. The vulnerability's CVSS score is currently rated as LOW (2.7), suggesting a relatively low probability of exploitation in the wild. No public Proof-of-Concept (PoC) code has been publicly released at the time of writing. It is not currently listed on KEV or EPSS, indicating a low immediate threat level. Monitor security advisories and threat intelligence feeds for any changes in the exploitation landscape.
Statut de l'Exploit
EPSS
0.01% (percentile 1%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2026-1518 is to upgrade Keycloak to a version that includes the fix. Consult the official Keycloak advisory for the specific patched version. If immediate upgrading is not feasible, consider implementing temporary workarounds. These may include restricting network access to the Keycloak server using firewalls or network segmentation to limit the potential blast radius of a successful SSRF attack. Carefully review and restrict client configurations to prevent malicious backchannel notification endpoints. Monitor Keycloak logs for unusual outbound requests that could indicate exploitation attempts. After upgrading, confirm the fix by attempting to trigger a CIBA flow with a malicious backchannel URL and verifying that the request is blocked.
Actualice a una versión de Keycloak que haya solucionado la vulnerabilidad de SSRF. Consulte las notas de la versión de Red Hat Build of Keycloak para obtener información sobre la versión corregida y las instrucciones de actualización.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-1518 is a Server-Side Request Forgery (SSRF) vulnerability affecting Keycloak versions up to 26.5.2. It allows attackers to potentially make requests to internal services through the CIBA feature due to insufficient endpoint validation.
You are affected if you are using Keycloak version 26.5.2 or earlier. Check your Keycloak version using /opt/keycloak/bin/kc version and upgrade if necessary.
Upgrade Keycloak to a patched version that addresses the vulnerability. Consult the official Keycloak advisory for the specific patched version. Consider temporary workarounds like network segmentation if immediate upgrading is not possible.
As of the current assessment, CVE-2026-1518 is not known to be actively exploited in the wild. However, it's crucial to apply the fix proactively to mitigate potential risks.
Refer to the official Keycloak security advisories on the Keycloak website or through their mailing list for the most up-to-date information and guidance regarding CVE-2026-1518.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier pom.xml et nous te dirons instantanément si tu es affecté.