Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 12:41 p.m.3 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability

Summary Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability Vulnerability Details ID: CVE-2026-50559 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1,...

7.5CVSS5.8AI score0.00463EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/19 9:17 p.m.14 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00463EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/06/19 8:26 p.m.28 views

CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS0.00463EPSS
Exploits1References1
CVE
CVE
added 2026/06/19 8:26 p.m.21 views

CVE-2026-50559

The CVE-2026-50559 entry affects Quarkus HTTP path-based authorization. It allows bypass via encoded characters (semicolons %3B, slashes %2F, backslashes %5C) to smuggle matrix parameters or access protected static resources, before patches in versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, ...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/19 8:26 p.m.5 views

CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51029

Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...

7.5CVSS5.9AI score0.00463EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2026/06/17 9:2 p.m.10 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.3AI score0.00463EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.11 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.4AI score0.00463EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.7 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.4AI score0.00463EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/17 11:13 a.m.10 views

CVE-2026-50559

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5AI score0.00463EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/17 12:0 a.m.6 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.8 views

Path Equivalence

Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.6 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Rows per page
Query Builder