RHSA-2026:26194HighCVSS 7.5
Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6.SP2 security update
🔗 CVE IDs covered (1)
📋 Description
CVE-2026-50559 — io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2026:26194
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/products/quarkus/
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=3.20.6.SP2
- externalhttps://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.20
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26194.json