keycloak-fips
Chainguard
Status
Impact
This vulnerability affects the keycloak-services component version 26.3.2 in the FIPS-enabled variant. The GitHub Advisory indicates no fix is currently available (firstPatchedVersion: null). This is a self-contained vulnerability in the Keycloak services JAR that requires upstream maintainers to develop and release a security fix. Unlike the EOL keycloak-21.1 package, this is an actively supported FIPS version that should receive security updates from upstream.
Status