CVE-2026-4874
PUBLISHED
CVSS 3.1 LOW
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
EPSS 0.01% · 0.9th percentile
Risk Scores
CVSS v3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.01%
0.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | single_sign-on | 7.0 |
| redhat | build_of_keycloak | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Maven | org.keycloak:keycloak-services | 0, 0, 0 |
| redhat | jboss_enterprise_application_platform | 8.0.0 |
| Red Hat | Red Hat Build of Keycloak | |
| Red Hat | Red Hat Single Sign-On 7 | |
| redhat | jboss_enterprise_application_platform_expansion_pack | |
Timeline
- Mar 26, 2026 CVE Published
- Mar 26, 2026 PoC Published
- Mar 26, 2026 PoC Published
- Mar 27, 2026 EPSS Score
- Mar 27, 2026 Coalition ESS Score
- Mar 27, 2026 PoC Published
- Mar 28, 2026 Security Advisory
- Apr 13, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score