CVE-2026-4874 | Red Hat Keycloak Refresh Token client_session_host server-side request forgery

Inserito da Angelo Barbosa | Mar 26, 2026 | CVE

A vulnerability classified as critical has been found in Red Hat Keycloak. The impacted element is an unknown function of the component Refresh Token Handler. This manipulation of the argument client_session_host causes server-side request forgery.

The identification of this vulnerability is CVE-2026-4874. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-4874 | Red Hat Keycloak Refresh Token client_session_host server-side request forgery

Post correlati

CVE-2024-56685 | Linux Kernel up to 6.11.10/6.12.1 mediatek soc.h num_codecs null pointer dereference

CVE-2025-11947 | bftpd up to 6.2 Configuration File options.c expand_groups heap-based overflow

CVE-2024-35757 | 5 Star Plugins Easy Age Verify Plugin up to 1.8.2 on WordPress cross site scripting

CVE-2024-53239 | Linux Kernel up to 6.12.1 ALSA usb6fire_chip_abort use after free