Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2.SP1 security update
🔗 CVE IDs covered (14)
📋 Description
CVE-2026-6860 — eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name CVE-2026-44249 — netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation CVE-2026-44893 — netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message CVE-2026-45416 — netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake CVE-2026-45673 — netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs CVE-2026-45674 — netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation CVE-2026-47244 — netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams CVE-2026-47691 — io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records CVE-2026-48043 — netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak CVE-2026-48059 — netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers CVE-2026-50010 — netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass CVE-2026-50020 — netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder CVE-2026-50559 — io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters CVE-2026-50560 — netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
🔗 References (7)
- selfhttps://access.redhat.com/errata/RHSA-2026:26017
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/products/quarkus/
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.33.2.SP1
- externalhttps://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.33
- externalhttps://issues.redhat.com/browse/QUARKUS-7955
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26017.json