7.4
CVSS V3
Status
Fixed version
26.1.4-r0Status
Impact
This CVE exists in the latest release (v4) of netty-handler, which has yet to receive a patch. There is discussion this would be mitigated in an upcoming v5 of netty, but this is yet to be released and there is no ETA. netty-handler is a dependency of Quarkus, which is used by Keycloak. For more detail: https://github.com/netty/netty/issues/8537