Threats Tagged 'cve-2026-2332'

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: * camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-infinispan-common: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-amqp: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-jms: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization [rhboac-camel-quarkus-3] (CVE-2026-6857) * jetty-http: HTTP request smuggling via chunked extension quoted-string parsing [rhboac-camel-quarkus-3] (CVE-2026-2332)

This Red Hat Offline Knowledge Portal release upgrades from Solr 9.8.1 to Solr 10.0.0, and fixes several CVEs. It also includes content updates as of May 26 2026.

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments. Security Fix(es): * lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566) * org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on Eclipse Che 7.117 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.63. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:20086 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/

CVE-2026-2332 is a high-severity vulnerability in Eclipse Jetty's HTTP/1.1 parser that allows HTTP request smuggling via malformed chunk extensions. The parser incorrectly terminates chunk extension parsing at a carriage return and line feed inside quoted strings instead of treating this as an error. This flaw enables an attacker to inject a smuggled HTTP request by crafting chunked transfer encoding with unterminated quoted strings in chunk extensions. Affected versions include Jetty 9.4.0 through 12.1.0. No official patch or remediation guidance has been provided yet.