CVE ID :CVE-2026-4874 Published : March 26, 2026, 8:16 a.m. | 53 minutes ago Description :A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure. Severity: 3.1 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...