CNNVD-202602-150 Information
Feb 02, 2026
cve
CNNVD ID
CNNVD-202602-150
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在代码问题漏洞,该漏洞源于CIBA功能对客户端配置的后端通知端点验证不足,可能导致对内部服务的盲服务器端请求。
Description (English)
Keycloak is an open-source identity and access management solution for Keycloak. Keycloak has a code problem loophole, which stems from the inadequate validation of the CIBA backend notification endpoint for the client ’ s configuration, which may lead to blind server requests for internal services.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
Keycloak
Published
2026-02-02
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2026-1518 https://bugzilla.redhat.com/show_bug.cgi?id=2433727
Patch
https://www.keycloak.org/downloads
Share on: