eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

Path Equivalence

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

com.datasqrl.flinkrunner:datagen-connectors (=0.10.1), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0 <=0.10.1) +75 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (=2.2.0)

org.apache.flink:flink-table-api-java MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-api-java and may be impacted: - com.datasqrl.flinkrunner:datagen-connectors =0.10.1 -...

com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4), com.datasqrl:sqrl-planner (>=0.9.0 <=0.10.4) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (=2.2.0)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-planner2.12 and may be impacted: - com.datasqrl:sqrl-discovery =0.9.0, =0.9.0, =0.9.0, =0.2.0, =0.2.0, =0.2.0,...

Security Bulletin: IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability (CVE-2026-1002)

Summary IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability CVE-2026-1002. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated t...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3011 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.4.0 <=4.4.9)

io.vertx:vertx-core MAVEN version =4.4.0, =0.0.1, =0.0.1, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =23.3.0, =23.3.0, =23.3.0, =23.9.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +4778 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.5.0 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.5.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 -...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +561 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

Potential unbounded server-side SNI SslContext cache growth in Vert.x TLS handling, with = resource-exhaustion / DoS impact. On affected versions, matching server-side SNI names are cached via computeIfAbsentserverName, ... in a serverName-keyed SslContext cache. The implementation differs slight...

GHSA-3G76-F9XQ-8VP6 Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

Potential unbounded server-side SNI SslContext cache growth in Vert.x TLS handling, with = resource-exhaustion / DoS impact. On affected versions, matching server-side SNI names are cached via computeIfAbsentserverName, ... in a serverName-keyed SslContext cache. The implementation differs slight...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +556 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: SNYK:JAVA-IOVERTX-16433278...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +6369 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.3.4 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.3.4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 -...

Allocation of Resources Without Limits or Throttling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is a toolkit developed by the Eclipse Foundation for building responsive applications on the JVM. There is a security vulnerability in Eclipse Vert.x, which stems from the fact that the TCP client can perform TLS handshakes and present server name extensions. These server name...