VYPR

apk package

chainguard/keycloak-fips-26.6-operator

pkg:apk/chainguard/keycloak-fips-26.6-operator

Vulnerabilities (22)

  • CVE-2026-6860MedMay 6, 2026
    affected < 26.6.2-r0fixed 26.6.2-r0

    A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

  • CVE-2026-39852HigMay 5, 2026
    affected < 26.6.2-r0fixed 26.6.2-r0

    Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged user

Page 2 of 2