Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +4683 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.5.0 <=4.5.25)

io.vertx:vertx-core MAVEN version =4.5.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 - ai.pipestream.module:module-chunk...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3010 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.4.0 <=4.4.9)

io.vertx:vertx-core MAVEN version =4.4.0, =0.0.1, =0.0.1, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =0.9.39, =23.3.0, =23.3.0, =23.3.0, =23.9.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

ai.tock:bot-test (>=25.9.0 <=26.3.1), ai.tock:bot-test-base (>=25.9.0 <=26.3.1) +773 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0 <=5.0.8)

io.vertx:vertx-core MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.1 and more Source cves: CVE-2026-6860 Source advisory: OSV:GHSA-3G76-F9XQ-8VP6...

Allocation of Resources Without Limits or Throttling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

ai.tock:bot-test (=26.3.1), ai.tock:bot-test-base (=26.3.1) +437 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.11)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =5.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on io.vertx:vertx-core and may be impacted: - ai.tock:bot-test =26.3.1 - ai.tock:bot-test-base =26.3.1 - ai.tock:bot-toolkit =26.3.1 -...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +6304 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.3.4 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.3.4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 - ai.pipestream.module:module-chunk...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.GA)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. An update for Red H...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.

Summary IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the...

Linux Distros Unpatched Vulnerability : CVE-2026-1002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request UR...

HTTP Request Smuggling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of / in the output buffer by removeDots function in Static Handler. An attacker can prevent access to stati...

ai.tock:bot-test (>=25.9.0 <=26.3.1), ai.tock:bot-test-base (>=25.9.0 <=26.3.1) +599 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.6)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.1 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7660 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=4.0.0-milestone1 <=4.5.23)

io.vertx:vertx-core MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2026-1002 Source advisory: SNYK:JAVA-IOVERTX-14988768...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +9805 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=2.0.0-CR1 <=4.5.23)

io.vertx:vertx-core MAVEN version =2.0.0-CR1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...