13 matches found
Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability
Summary Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability Vulnerability Details ID: CVE-2026-50559 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1,...
CVE-2026-50559
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
CVE-2026-50559
The CVE-2026-50559 entry affects Quarkus HTTP path-based authorization. It allows bypass via encoded characters (semicolons %3B, slashes %2F, backslashes %5C) to smuggle matrix parameters or access protected static resources, before patches in versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, ...
CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
PT-2026-51029
Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
CVE-2026-50559
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
Path Equivalence
Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...
Path Equivalence
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...
Path Equivalence
Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...