Red Hat · Keycloak · CVE-2026-1518
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A flaw exists in Keycloak’s CIBA (Client-Initiated Backchannel Authentication) feature: client-configured backchannel notification endpoints are not adequately validated. This could allow blind server-side requests to internal services, and with them unauthorized access to those services through the improperly validated endpoints.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
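An interim audit of client-configured notification endpoints could look like the following. This is an added example, not Keycloak or Red Hat code; the policy (HTTPS only, every resolved address must be public), the function names, and the sample hosts and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host):
    """Every address the name currently maps to (performs a DNS lookup)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def endpoint_problems(url, resolve=system_resolver):
    """Return reasons a notification endpoint is unsafe; [] means acceptable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return ["unparseable URL"]
    if parts.scheme != "https":
        return ["scheme is not https"]
    if not host or parts.username or parts.password:
        return ["missing host or embedded credentials"]
    try:
        addrs = {str(ipaddress.ip_address(host))}      # literal IP in the URL
    except ValueError:
        try:
            addrs = resolve(host)                      # name: vet every record
        except OSError:
            return ["host does not resolve"]
    problems = []
    for text in sorted(addrs):
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped                        # ::ffff:10.0.0.1 -> 10.0.0.1
        if not ip.is_global:   # loopback, RFC 1918, link-local, reserved, ...
            problems.append(f"{host} -> {ip} is not a public address")
    return problems

# Constructed sample data: a stub resolver and client-registered endpoints.
SAMPLE_DNS = {"rp.example": {"8.8.8.8"}, "intra.example": {"8.8.8.8", "10.1.2.3"}}
SAMPLE_ENDPOINTS = ["https://rp.example/ciba/notify", "https://intra.example/ciba/notify",
                    "https://169.254.10.10/cb", "https://[::ffff:127.0.0.1]/cb",
                    "http://rp.example/ciba/notify"]

def audit(endpoints=SAMPLE_ENDPOINTS, dns=SAMPLE_DNS):
    # Runs offline: names are looked up in the constructed table above.
    return {u: endpoint_problems(u, lambda h: dns[h]) for u in endpoints}

if __name__ == "__main__":
    for url, why in audit().items():
        print("FAIL" if why else "OK  ", url, why)
```

A check like this vets configuration only: DNS answers can change between the audit and the moment the server sends the notification, so egress filtering from the Keycloak host remains the stronger control.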