keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
"https://github.com/pypa/advisory-database/blob/main/vulns/keycloak-httpd-client-install/PYSEC-2026-829.yaml"