RHSA-2026:3951 | High | CVSS 7.5
Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.
🔗 CVE IDs covered (3)
📋 Description
- CVE-2025-58057 — netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
- CVE-2025-66566 — lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
- CVE-2026-1002 — io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
🔗 References (9)
- self: https://access.redhat.com/errata/RHSA-2026:3951
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/red_hat_jboss_eap_xp_5.0_release_notes/index
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/jboss_eap_xp_5.0_upgrade_and_migration_guide/index
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/using_jboss_eap_xp_5.0/index
- external: https://access.redhat.com/security/cve/CVE-2026-1002
- external: https://access.redhat.com/security/cve/CVE-2025-58057
- external: https://access.redhat.com/security/cve/CVE-2025-66566
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3951.json