Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:22 p.m.3 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability

Summary IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability CVE-2026-39852 Vulnerability Details CVEID:CVE-2026-39852 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1,...

8.8CVSS5.9AI score0.00432EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/05 8:58 p.m.36 views

CVE-2026-39852

Summary of CVE-2026-39852 : Quarkus exposes an authorization bypass due to path normalization mismatch between the security layer and RESTEasy Reactive routing, which preserves semicolons (matrix parameters) in the raw URL while routing drops them for endpoint matching. This allows unauthenticate...

8.8CVSS5.9AI score0.00432EPSS
Exploits0References9Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/04 5:20 p.m.7 views

com.github.fmcejudo:quarkus-eureka (>=1.0.0 <=1.1.1), com.github.fmcejudo:quarkus-eureka-deployment (>=1.0.0 <=1.1.1) +70 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-undertow (>=3.0.0.Alpha1 <=3.20.6)

io.quarkus:quarkus-undertow MAVEN version =3.0.0.Alpha1, =1.0.0, =1.0.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =2.0.0, =2.0.0, =24.0.0, =24.8.3, =9.2.3, =0.23.0, =0.11.2, =0.24.5 and more Source cves: CVE-2026-39852 Source advisory: SNYK:JAVA-IOQUARKUS-16420253...

8.8CVSS5.7AI score0.00432EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/04 5:20 p.m.8 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=1.20.1) +2517 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-vertx-http (>=0.23.0 <=3.20.6)

io.quarkus:quarkus-vertx-http MAVEN version =0.23.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.0.1, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.2, =0.0.5 and more Source cves: CVE-2026-39852 Source advisory: OSV:GHSA-RC95-PCM8-65V9...

8.8CVSS5.7AI score0.00432EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.6 views

PT-2026-36916

Name of the Vulnerable Software and Affected Versions Quarkus version 3.32.4 Description An authorization bypass exists where semicolons used as matrix parameters in HTTP requests can circumvent security constraints, potentially granting unauthorized access to protected resources. Unauthenticated...

9.8CVSS5.9AI score0.00818EPSS
Exploits9References73
Rows per page
Query Builder