RHSA-2026:24502HighCVSS 7.5
Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2 release and security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2026-42578 — netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation CVE-2026-42579 — netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement CVE-2026-42581 — netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers CVE-2026-42584 — netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion CVE-2026-42587 — netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
🔗 References (82)
- selfhttps://access.redhat.com/errata/RHSA-2026:24502
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/products/quarkus/
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.33.2
- externalhttps://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.33
- externalhttps://issues.redhat.com/browse/QUARKUS-7634
- externalhttps://issues.redhat.com/browse/QUARKUS-7635
- externalhttps://issues.redhat.com/browse/QUARKUS-7636
- externalhttps://issues.redhat.com/browse/QUARKUS-7637
- externalhttps://issues.redhat.com/browse/QUARKUS-7638
- externalhttps://issues.redhat.com/browse/QUARKUS-7639
- externalhttps://issues.redhat.com/browse/QUARKUS-7640
- externalhttps://issues.redhat.com/browse/QUARKUS-7641
- externalhttps://issues.redhat.com/browse/QUARKUS-7642
- externalhttps://issues.redhat.com/browse/QUARKUS-7643
- externalhttps://issues.redhat.com/browse/QUARKUS-7644
- externalhttps://issues.redhat.com/browse/QUARKUS-7645
- externalhttps://issues.redhat.com/browse/QUARKUS-7646
- externalhttps://issues.redhat.com/browse/QUARKUS-7647
- externalhttps://issues.redhat.com/browse/QUARKUS-7648
- externalhttps://issues.redhat.com/browse/QUARKUS-7649
- externalhttps://issues.redhat.com/browse/QUARKUS-7650
- externalhttps://issues.redhat.com/browse/QUARKUS-7651
- externalhttps://issues.redhat.com/browse/QUARKUS-7652
- externalhttps://issues.redhat.com/browse/QUARKUS-7653
- externalhttps://issues.redhat.com/browse/QUARKUS-7654
- externalhttps://issues.redhat.com/browse/QUARKUS-7655
- externalhttps://issues.redhat.com/browse/QUARKUS-7656
- externalhttps://issues.redhat.com/browse/QUARKUS-7657
- externalhttps://issues.redhat.com/browse/QUARKUS-7658
- externalhttps://issues.redhat.com/browse/QUARKUS-7659
- externalhttps://issues.redhat.com/browse/QUARKUS-7660
- externalhttps://issues.redhat.com/browse/QUARKUS-7661
- externalhttps://issues.redhat.com/browse/QUARKUS-7666
- externalhttps://issues.redhat.com/browse/QUARKUS-7686
- externalhttps://issues.redhat.com/browse/QUARKUS-7727
- externalhttps://issues.redhat.com/browse/QUARKUS-7728
- externalhttps://issues.redhat.com/browse/QUARKUS-7729
- externalhttps://issues.redhat.com/browse/QUARKUS-7730
- externalhttps://issues.redhat.com/browse/QUARKUS-7731
- externalhttps://issues.redhat.com/browse/QUARKUS-7732
- externalhttps://issues.redhat.com/browse/QUARKUS-7733
- externalhttps://issues.redhat.com/browse/QUARKUS-7734
- externalhttps://issues.redhat.com/browse/QUARKUS-7735
- externalhttps://issues.redhat.com/browse/QUARKUS-7736
- externalhttps://issues.redhat.com/browse/QUARKUS-7737
- externalhttps://issues.redhat.com/browse/QUARKUS-7738
- externalhttps://issues.redhat.com/browse/QUARKUS-7739
- externalhttps://issues.redhat.com/browse/QUARKUS-7740
- externalhttps://issues.redhat.com/browse/QUARKUS-7741
- externalhttps://issues.redhat.com/browse/QUARKUS-7742
- externalhttps://issues.redhat.com/browse/QUARKUS-7743
- externalhttps://issues.redhat.com/browse/QUARKUS-7744
- externalhttps://issues.redhat.com/browse/QUARKUS-7745
- externalhttps://issues.redhat.com/browse/QUARKUS-7746
- externalhttps://issues.redhat.com/browse/QUARKUS-7747
- externalhttps://issues.redhat.com/browse/QUARKUS-7748
- externalhttps://issues.redhat.com/browse/QUARKUS-7749
- externalhttps://issues.redhat.com/browse/QUARKUS-7750
- externalhttps://issues.redhat.com/browse/QUARKUS-7751
- externalhttps://issues.redhat.com/browse/QUARKUS-7752
- externalhttps://issues.redhat.com/browse/QUARKUS-7753
- externalhttps://issues.redhat.com/browse/QUARKUS-7754
- externalhttps://issues.redhat.com/browse/QUARKUS-7783
- externalhttps://issues.redhat.com/browse/QUARKUS-7784
- externalhttps://issues.redhat.com/browse/QUARKUS-7785
- externalhttps://issues.redhat.com/browse/QUARKUS-7786
- externalhttps://issues.redhat.com/browse/QUARKUS-7787
- externalhttps://issues.redhat.com/browse/QUARKUS-7788
- externalhttps://issues.redhat.com/browse/QUARKUS-7789
- externalhttps://issues.redhat.com/browse/QUARKUS-7790
- externalhttps://issues.redhat.com/browse/QUARKUS-7791
- externalhttps://issues.redhat.com/browse/QUARKUS-7795
- externalhttps://issues.redhat.com/browse/QUARKUS-7796
- externalhttps://issues.redhat.com/browse/QUARKUS-7797
- externalhttps://issues.redhat.com/browse/QUARKUS-7798
- externalhttps://issues.redhat.com/browse/QUARKUS-7799
- externalhttps://issues.redhat.com/browse/QUARKUS-7810
- externalhttps://issues.redhat.com/browse/QUARKUS-7811
- externalhttps://issues.redhat.com/browse/QUARKUS-7843
- externalhttps://issues.redhat.com/browse/QUARKUS-7863
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24502.json