RHSA-2026:8509HighCVSS 7.5

Red Hat Security Advisory: Red Hat AMQ Broker 7.14.0 release and security update

Published
April 16, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2026-1605 — org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests CVE-2026-24281 — Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing CVE-2026-24308 — Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values CVE-2026-32642 — Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription. CVE-2026-33870 — io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values CVE-2026-33871 — netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

🔗 References (36)