Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3011 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.4.0 <=4.4.9)

io.vertx:vertx-core MAVEN version =4.4.0, =0.0.1, =0.0.1, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =23.3.0, =23.3.0, =23.3.0, =23.9.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +4778 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.5.0 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.5.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 -...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +561 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.tock:bot-test (>=26.3.1 <=26.3.2), ai.tock:bot-test-base (>=26.3.1 <=26.3.2) +556 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.1, =26.3.2 and more Source cves: CVE-2026-6860 Source advisory: SNYK:JAVA-IOVERTX-16433278...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +6369 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.3.4 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.3.4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 -...

Allocation of Resources Without Limits or Throttling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.GA)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. An update for Red H...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.

Summary IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the...

Linux Distros Unpatched Vulnerability : CVE-2026-1002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request UR...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +9838 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=2.0.0-CR1 <=4.5.23)

io.vertx:vertx-core MAVEN version =2.0.0-CR1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7693 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=4.0.0-milestone1 <=4.5.23)

io.vertx:vertx-core MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2026-1002 Source advisory: SNYK:JAVA-IOVERTX-14988768...

HTTP Request Smuggling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of / in the output buffer by removeDots function in Static Handler. An attacker can prevent access to stati...

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +686 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.6)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...