RHSA-2026:0131HighCVSS 7.5
Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4.SP1 security update
🔗 CVE IDs covered (3)
📋 Description
CVE-2025-11966 — io.vertx/vertx-web: Eclipse Vert.x cross site scripting CVE-2025-12183 — lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure CVE-2025-66566 — lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2026:0131
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/products/quarkus/
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.20.4.SP1
- externalhttps://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.20
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0131.json