2026-02-02 07:17:46
redhat
PUBLISHED
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.