CVE-2026-4366

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak, an identity and access management solution, where it incorrectly handles HTTP redirects when processing specific client configuration requests. This allows an attacker to manipulate the server into making unintended requests to internal or restricted resources. Consequently, sensitive internal services, such as cloud metadata endpoints, could be accessed, potentially leading to information disclosure and enabling attackers to map internal network infrastructure. The issue involves a server-side request forgery (SSRF) condition through improper handling of HTTP redirects.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.