Threats Tagged 'cve-2026-2332'

The Red Hat Offline Knowledge Portal has been updated to upgrade Solr from version 9. 8. 1 to 10. 0. 0 and to fix multiple security vulnerabilities identified by several CVEs including CVE-2025-11143 and CVE-2026-2332. This update addresses security issues related to the underlying components such as jetty-http and Solr, improving the security posture of the portal. The update also includes content updates as of May 26, 2026. No known exploits are reported in the wild for these vulnerabilities. The update is distributed as a container image available from the Red Hat container registry.

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments. Security Fix(es): * lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566) * org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This release of Red Hat build of Quarkus 3.20.6.SP1 includes the following CVE fixes: * quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests [quarkus-3.20] (CVE-2026-39852) * bcprov-jdk18on: GOSTCTR implementation unable to process more than 255 blocks correctly [quarkus-3.20] (CVE-2025-14813) * bcpkix-jdk18on: PKIX draft CompositeVerifier accepts empty signature sequence as valid [quarkus-3.20] (CVE-2026-5588) * bcprov-jdk18on: LDAP injection vulnerability in LDAPStoreHelper.java [quarkus-3.20] (CVE-2026-0636) For more information, see the release notes page listed in the References section.

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw

CVE-2026-2332 is a high-severity vulnerability in Eclipse Jetty's HTTP/1. 1 parser that allows HTTP request smuggling via malformed chunk extensions. The parser incorrectly terminates chunk extension parsing at a carriage return and line feed inside quoted strings instead of treating this as an error. This flaw enables an attacker to inject a smuggled HTTP request by crafting chunked transfer encoding with unterminated quoted strings in chunk extensions. Affected versions include Jetty 9. 4. 0 through 12. 1. 0. No official patch or remediation guidance has been provided yet.