CVE-2026-4874

{"id": "CVE-2026-4874", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2026-03-26T08:16:22.700", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-4874", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server\u2019s network context, potentially probing internal networks or internal APIs, leading to information disclosure."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. Un atacante autenticado puede realizar falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) manipulando el par\u00e1metro 'client_session_host' durante las peticiones de token de actualizaci\u00f3n. Esto ocurre cuando un cliente de Keycloak est\u00e1 configurado para usar la 'backchannel.logout.url' con el marcador de posici\u00f3n 'application.session.host'. La explotaci\u00f3n exitosa permite al atacante realizar peticiones HTTP desde el contexto de red del servidor de Keycloak, potencialmente sondeando redes internas o APIs internas, lo que lleva a la revelaci\u00f3n de informaci\u00f3n."}], "lastModified": "2026-04-01T14:11:28.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8BC03A-4198-4488-946B-3F6B43962942"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}