Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.GA)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. An update for Red H...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.5 XP 6.0.3.GA release

JBoss EAP XP 6.0.3.GA release on the EAP 8.1 base. See references for release notes. This is a cumulative patch release zip for the JBoss EAP XP 6.0.3 runtime distribution for use with EAP 8.1.5. Security Fixes: vertx-core: static handler component cache can be manipulated to deny the access to...

CVE-2026-1002 vulnerabilities

Vulnerabilities for packages: apache-pulsar, spark, knative-kafka-broker-fips, spark-fips, apicurio-registry, keycloak, kafka-bridge, druid, knative-kafka-broker, keycloak-fips, kafka-bridge-fips, wildfly, strimzi-kafka-operator...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7693 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=4.0.0-milestone1 <=4.5.23)

io.vertx:vertx-core MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2026-1002 Source advisory: SNYK:JAVA-IOVERTX-14988768...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +9838 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=2.0.0-CR1 <=4.5.23)

io.vertx:vertx-core MAVEN version =2.0.0-CR1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

CVE-2026-1002

CVE-2026-1002 affects the Vert.x Web static handler cache. The issue stems from an improper implementation of the RFC3986 C-rule (section 5.2.4), enabling an attacker to craft a URI (e.g., bar%2F..%2F) that can cause denial of access to static files served by the handler. Connected evidence indic...