VYPR

apk package

chainguard/opensearch-fips-3-k-nn

pkg:apk/chainguard/opensearch-fips-3-k-nn

Vulnerabilities (1)

  • CVE-2026-40542HigApr 22, 2026
    affected < 3.6.0-r2fixed 3.6.0-r2

    Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue.