Red Hat Security Advisory: Red Hat build of Quarkus 3.27.3 release and security update
Red Hat has released an important security update for its build of Quarkus version 3.27.3 addressing five vulnerabilities. These include denial of service and request smuggling issues in Netty components, directory traversal in Plexus-utils, code injection in Apache Avro Java SDK, and cache manipulation in Vert.x core. The update fixes these vulnerabilities to improve security and stability. No known exploits in the wild have been reported. Users of Red Hat build of Quarkus are advised to apply this update after ensuring all prior errata are installed.
AI Analysis
Technical Summary
The Red Hat build of Quarkus 3.27.3 release includes fixes for five security vulnerabilities: CVE-2026-33871 (Netty HTTP/2 CONTINUATION frame flood causing denial of service), CVE-2026-33870 (Netty HTTP/1.1 chunked transfer encoding extension parsing leading to request smuggling), CVE-2025-67030 (directory traversal in Plexus-utils extractFile method), CVE-2025-33042 (code injection vulnerability in Apache Avro Java SDK generated code), and CVE-2026-1002 (manipulation of Vert.x static handler component cache causing denial of access to static files). These vulnerabilities affect components bundled in the Red Hat build of Quarkus and are addressed in this release. The advisory rates the update as Important and recommends applying it after prior errata are installed.
Potential Impact
The vulnerabilities fixed in this update could allow attackers to cause denial of service conditions, perform HTTP request smuggling, execute code injection via generated Java code, and exploit directory traversal flaws. These issues could impact the confidentiality, integrity, and availability of applications using the affected components within Red Hat build of Quarkus. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has provided an official security update in the form of Red Hat build of Quarkus 3.27.3 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been installed. Detailed instructions for applying the update are available in the Red Hat advisory. No additional mitigation actions are indicated by the vendor.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2026:7380
- Cve Count: 5
- Additional Cves: ["CVE-2025-67030","CVE-2026-1002","CVE-2026-33870","CVE-2026-33871"]
- Cvss Version: null
Threat ID: 6a160988e29bf47b50652f08
Added to database: 5/26/2026, 8:58:48 PM
Last enriched: 5/26/2026, 10:36:12 PM
Last updated: 5/27/2026, 12:47:23 AM