Security Advisory

CVE-2026-1518

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-02 07:17:46

Last updated 2026-02-02 14:07:02

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

← Browse all CVEs View on cve.org ↗