VYPR
Low severity2.7GHSA Advisory· Published Feb 2, 2026· Updated Apr 15, 2026

CVE-2026-1518

CVE-2026-1518

Description

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-parentMaven
<= 26.5.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.