What is the CVSS score of EUVD-2026-16142?

EUVD-2026-16142 has a CVSS 3.1 base score of 3.1 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Red Hat Build Of Keycloak are affected by EUVD-2026-16142?

CVE-2026-4874 is a low-severity vulnerability in A flaw involving SSRF (CVSS 3.1).

How to fix or mitigate EUVD-2026-16142?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Red Hat Build Of Keycloak EUVD-2026-16142

| CVE-2026-4874 LOW

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-26 redhat

SSRF Information Disclosure Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7

3.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.1 LOW

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Red Hat

3.1 LOW

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 26, 2026 - 07:45 euvd

EUVD-2026-16142

Analysis Generated

Mar 26, 2026 - 07:45 vuln.today

CVE Published

Mar 26, 2026 - 07:12 nvd

LOW 3.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

47 maven packages depend on org.keycloak:keycloak-services (15 direct, 32 indirect)

Ecosystem-wide dependent count for version 26.6.0.

DescriptionNVD

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the client_session_host parameter during refresh token requests. This occurs when a Keycloak client is configured to use the backchannel.logout.url with the application.session.host placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.

AnalysisAI

A SSRF vulnerability in A flaw (CVSS 3.1) that allows the attacker. Remediation should follow standard vulnerability management procedures.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 3.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker could exploit this vulnerability in A flaw to compromise the security of affected deployments, potentially impacting confidentiality, integrity, or availability.
Remediation	Monitor vendor channels for patch availability. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Debian

Bug #1088287

keycloak

Release	Status	Fixed Version	Urgency
	open	-	-

EUVD-2026-16142 vulnerability details – vuln.today

Back

Red Hat Build Of Keycloak EUVD-2026-16142

Severity by source

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code