721 matches found
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.2.SP2)
An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.2.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability
Summary Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authentication/authentization bypass vulnerability Vulnerability Details ID: CVE-2026-50559 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1,...
CVE-2026-50559
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
CVE-2026-50559
The CVE-2026-50559 entry affects Quarkus HTTP path-based authorization. It allows bypass via encoded characters (semicolons %3B, slashes %2F, backslashes %5C) to smuggle matrix parameters or access protected static resources, before patches in versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, ...
CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
CVE-2026-50559
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
CVE-2026-50559 Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...
PT-2026-51029
Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Eclipse Netty and Eclipse Vert.x Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and...
Important: Red Hat Security Advisory: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update
A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available. This text-only errata provides information about enhancements that improve your developer experience and ensure the security and stability of your applications. Red Hat Product Security has rated this upda...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6.SP2 security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4.SP1 security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
CVE-2026-50559
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...
Path Equivalence
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP request...
Path Equivalence
Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...
Path Equivalence
Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...