CVE-2026-50559

🗓️ 17 Jun 2026 11:13:14Reported by redhat.comType

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static re...

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2026-50559	17 Jun 202611:13	–	cve
RedHat Linux	Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2.SP1 security update	17 Jun 202615:45	–	redhat
RedHat Linux	io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters	17 Jun 202615:45	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4.SP1 security update	17 Jun 202616:18	–	redhat
RedHat Linux	io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters	17 Jun 202616:18	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6.SP2 security update	17 Jun 202621:02	–	redhat
RedHat Linux	io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters	17 Jun 202621:02	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update	17 Jun 202623:05	–	redhat
RedHat Linux	io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters	17 Jun 202623:05	–	redhat

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-50559
github	www.github.com/quarkusio/quarkus/security/advisories/GHSA-qcxp-gm7m-4j5v
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

17 Jun 2026 16:18Current

5Medium risk

Vulners AI Score5

CVSS 3.17.5