PT-2026-3555 · Red Hat · Keycloak

Published: 2026-01-20 · Updated: 2026-03-01 · CVE-2026-1180

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)

Description: A flaw exists in Keycloak's OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak retrieves without validating the destination. This enables attackers to coerce the Keycloak server into making HTTP requests to internal or restricted network resources. As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and reconnaissance risk.
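The root cause described above is that a client-supplied jwks_uri is fetched without any check on where it points. The following is an added example, not Keycloak's own code, of the kind of destination validation a defender would want in front of such a fetch: it requires https, rejects embedded credentials, judges IP-literal hosts directly (including IPv4-mapped IPv6 forms), resolves hostnames to every address and refuses the URI if any address is loopback, private, link-local (which covers the 169.254.169.254 cloud metadata endpoint) or otherwise not globally routable. The names validate_jwks_uri, is_internal_address, system_resolver and fake_resolver, and the FAKE_DNS table, are constructed for this example; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]


def system_resolver(hostname: str) -> List[str]:
    """Resolve a hostname to every A/AAAA record (the default when no resolver is injected)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_internal_address(addr: str) -> bool:
    """True if addr is loopback, private, link-local (e.g. 169.254.169.254), reserved,
    or otherwise not globally routable. Raises ValueError if addr is not an IP literal."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the embedded IPv4 address is what is judged.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def validate_jwks_uri(uri: str, resolver: Resolver = system_resolver) -> Tuple[bool, str]:
    """Return (accepted, reason) for a client-supplied jwks_uri.

    Constructed policy for this example: https only, no userinfo in the URL, no
    localhost names, and every address the host resolves to must be globally routable.
    """
    try:
        parts = urlsplit(uri)
    except ValueError as exc:
        return False, "unparseable URL: %s" % exc
    if parts.scheme.lower() != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    # An IP literal in the host part is judged directly and never resolved.
    try:
        if is_internal_address(host):
            return False, "literal address %s is not globally routable" % host
        return True, "literal global address"
    except ValueError:
        pass  # not an IP literal; fall through to DNS resolution
    lowered = host.lower().rstrip(".")
    if lowered == "localhost" or lowered.endswith(".localhost"):
        return False, "localhost is not allowed"
    try:
        addrs = list(resolver(host))
    except (socket.gaierror, OSError) as exc:
        return False, "resolution failed: %s" % exc
    if not addrs:
        return False, "host did not resolve"
    # Reject if ANY record is internal: a host that mixes public and internal records
    # is exactly the shape a rebinding attempt takes.
    for addr in addrs:
        if is_internal_address(addr):
            return False, "%s resolves to non-global address %s" % (host, addr)
    return True, "ok"


# Constructed DNS data so the example runs offline; 93.184.216.34 stands in for a public IdP.
FAKE_DNS = {
    "idp.example.org": ["93.184.216.34"],
    "rebind.example.org": ["93.184.216.34", "169.254.169.254"],
    "intranet.example.org": ["10.0.0.5"],
}


def fake_resolver(hostname: str) -> List[str]:
    """Offline stand-in for system_resolver backed by FAKE_DNS."""
    if hostname not in FAKE_DNS:
        raise socket.gaierror("no such host: %s" % hostname)
    return FAKE_DNS[hostname]


if __name__ == "__main__":
    for candidate in (
        "https://idp.example.org/.well-known/jwks.json",
        "https://rebind.example.org/jwks",
        "https://intranet.example.org/jwks",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::ffff:10.0.0.5]/jwks",
        "http://idp.example.org/jwks",
        "https://user:pw@idp.example.org/jwks",
    ):
        accepted, reason = validate_jwks_uri(candidate, fake_resolver)
        print("%-48s %s (%s)" % (candidate, "ACCEPT" if accepted else "REJECT", reason))
```

Two caveats apply to any validator of this shape. First, the address it approves is not the address the HTTP client will necessarily connect to: between validation and fetch the name can be re-resolved, and a redirect can point anywhere, so the fetching client should connect to the validated address (or re-run the same check on each connection) and must not follow redirects to hosts that would fail it. Second, a deny-list of non-global ranges is the weaker option; where the deployment knows which issuers' key sets it expects, an explicit allow-list of jwks_uri hosts is the stronger control and the reachability check becomes defence in depth.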
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

SSRF

Related Identifiers

CVE-2026-1180
GHSA-7VW6-5Q2F-7W5R

Affected Products

Keycloak