apk package
chainguard/keycloak-fips-26.6-operator
pkg:apk/chainguard/keycloak-fips-26.6-operator
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6860 | Med | 5.3 | < 26.6.2-r0 | 26.6.2-r0 | May 6, 2026 | A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used. | |
| CVE-2026-39852 | Hig | 8.2 | < 26.6.2-r0 | 26.6.2-r0 | May 5, 2026 | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged user |
- affected < 26.6.2-r0fixed 26.6.2-r0
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
- affected < 26.6.2-r0fixed 26.6.2-r0
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged user
Page 2 of 2