CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

Quarkus 安全漏洞

Quarkus is an open-source cloud-native Linux framework for writing Java applications. Quarkus has a security vulnerability that stems from inconsistent path normalization between the security layer and the routing layer. This vulnerability allows unauthenticated or low-privilege users to bypass...

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus ...

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from when a request is received via websocket and role-based permissions are not specified on a GraphQL operation, Quarkus processes the request without...

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus. An attacker could exploit this vulnerability to gain access to sensitive data...

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from one of the HTTP security policies failing to properly clean up certain character alignments when accepting a request, resulting in incorrect privileg...

Quarkus 安全漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the unenforced use of the TLS protocol and the ability of a client to force an option to support a weaker TLS protocol...

Red Hat Quarkus 安全漏洞

Red Hat Quarkus is a wireless network from Red Hat, Inc. for optimizing Java specifically for containers and making it an efficient platform for serverless, cloud and Kubernetes environments. A security vulnerability exists in Quarkus 1.11.6 that originates from information disclosure via HTTP...