RHSA-2026:23808HighCVSS 7.5
Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
🔗 References (37)
- selfhttps://access.redhat.com/errata/RHSA-2026:23808
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/products/quarkus/
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.27.4
- externalhttps://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.27
- externalhttps://issues.redhat.com/browse/QUARKUS-6793
- externalhttps://issues.redhat.com/browse/QUARKUS-7610
- externalhttps://issues.redhat.com/browse/QUARKUS-7615
- externalhttps://issues.redhat.com/browse/QUARKUS-7616
- externalhttps://issues.redhat.com/browse/QUARKUS-7617
- externalhttps://issues.redhat.com/browse/QUARKUS-7618
- externalhttps://issues.redhat.com/browse/QUARKUS-7619
- externalhttps://issues.redhat.com/browse/QUARKUS-7620
- externalhttps://issues.redhat.com/browse/QUARKUS-7621
- externalhttps://issues.redhat.com/browse/QUARKUS-7622
- externalhttps://issues.redhat.com/browse/QUARKUS-7623
- externalhttps://issues.redhat.com/browse/QUARKUS-7624
- externalhttps://issues.redhat.com/browse/QUARKUS-7625
- externalhttps://issues.redhat.com/browse/QUARKUS-7626
- externalhttps://issues.redhat.com/browse/QUARKUS-7627
- externalhttps://issues.redhat.com/browse/QUARKUS-7628
- externalhttps://issues.redhat.com/browse/QUARKUS-7630
- externalhttps://issues.redhat.com/browse/QUARKUS-7631
- externalhttps://issues.redhat.com/browse/QUARKUS-7632
- externalhttps://issues.redhat.com/browse/QUARKUS-7633
- externalhttps://issues.redhat.com/browse/QUARKUS-7664
- externalhttps://issues.redhat.com/browse/QUARKUS-7774
- externalhttps://issues.redhat.com/browse/QUARKUS-7775
- externalhttps://issues.redhat.com/browse/QUARKUS-7776
- externalhttps://issues.redhat.com/browse/QUARKUS-7777
- externalhttps://issues.redhat.com/browse/QUARKUS-7778
- externalhttps://issues.redhat.com/browse/QUARKUS-7779
- externalhttps://issues.redhat.com/browse/QUARKUS-7780
- externalhttps://issues.redhat.com/browse/QUARKUS-7781
- externalhttps://issues.redhat.com/browse/QUARKUS-7812
- externalhttps://issues.redhat.com/browse/QUARKUS-7813
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23808.json