28 matches found
EUVD-2026-16142
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...
Server-side Request Forgery (SSRF)
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the client_session_host parameter during refresh token requests when the...
GHSA-22RM-WP4X-V5CX Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...
CVE-2026-4874
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...
CVE-2026-4874 Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host...
CVE-2026-4874
Keycloak vulnerability CVE-2026-4874 enables an authenticated attacker to perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests when a client is configured to use backchannel.logout.url with the application.session.host placehol...
PT-2026-28224
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This is possible when a Keycloak clien...
Session Fixation
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Session Fixation in the backchannel logout when browser cookies are missing. An attacker using the same brows...
EUVD-2019-0509
Malware in sbrugna...
CVE-2024-11736
CVE-2024-11736 (Keycloak) : The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...
Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} ...
org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The serve...
PT-2025-1684 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...
keycloak: Backchannel logout not working when Principal Type is set to Attribute Name for external SAML IDP
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute Name...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.7 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...