Red Hat Security Advisory: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2026-43868 — Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation CVE-2026-43869 — Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation CVE-2026-44249 — netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation CVE-2026-44893 — netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message CVE-2026-45416 — netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake CVE-2026-45674 — netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation CVE-2026-47691 — io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records CVE-2026-48043 — netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak CVE-2026-48059 — netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers CVE-2026-50010 — netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass CVE-2026-50559 — io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters
🔗 References (25)
- selfhttps://access.redhat.com/errata/RHSA-2026:26586
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/security/cve/CVE-2026-45416
- externalhttps://access.redhat.com/security/cve/CVE-2026-45674
- externalhttps://access.redhat.com/security/cve/CVE-2026-50010
- externalhttps://access.redhat.com/security/cve/CVE-2026-47691
- externalhttps://access.redhat.com/security/cve/CVE-2026-48059
- externalhttps://access.redhat.com/security/cve/CVE-2026-48043
- externalhttps://access.redhat.com/security/cve/CVE-2026-44893
- externalhttps://access.redhat.com/security/cve/CVE-2026-44249
- externalhttps://access.redhat.com/security/cve/CVE-2026-50559
- externalhttps://access.redhat.com/security/cve/CVE-2026-43868
- externalhttps://access.redhat.com/security/cve/CVE-2026-43869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466660
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466670
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2486959
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488081
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488383
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488391
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488400
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488429
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488437
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488439
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2488442
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26586.json