RHSA-2026:23808HighCVSS 7.5

Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

Published
June 10, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (5)

📋 Description

CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

🔗 References (37)