9 matches found
CVE-2026-39852
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...
CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...
EUVD-2025-18925
Malicious code in bioql PyPI...
CVE-2025-49574
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...
CVE-2025-49574
CVE-2025-49574 affects Quarkus (Java) where data from a duplicated Vert.x context may leak into another transaction due to duplicating a duplicated context. Public details indicate this impacts versions prior to 3.24.1, 3.20.2, and 3.15.6, with patches provided in those versions. Remediation is t...
CVE-2025-49574 Quarkus potential data leak when duplicating a duplicated context
Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...
Quarkus environmental issue vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications. An environmental issue vulnerability exists in Quarkus that stems from the inclusion of an HTTP cookie smuggling issue...
GHSA-JQH2-CH7P-XWXH Quarkus CXF logs passwords and other secrets
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
PT-2023-3549 · Unknown · Quarkus-Core
Name of the Vulnerable Software and Affected Versions: quarkus-core (affected versions not specified). Description: A vulnerability was found in the implementation of the TLS protocol in the Quarkus Java framework. This issue is related to the insufficient reliability of encryption when using the...