Threats Tagged 'cve-2026-33871'

Red Hat has released an important security update for its build of Quarkus 3. 20. 6 that addresses multiple vulnerabilities across several components. These include request smuggling in Netty's HTTP codec, denial of service via HTTP/2 CONTINUATION frame flood, directory traversal in Plexus-utils, code injection in Apache Avro Java SDK, and cache manipulation in Vert. x static handler. The update fixes five distinct CVEs and is rated with a high security impact by Red Hat. No known exploits in the wild have been reported. Users of Red Hat build of Quarkus are advised to apply this update after ensuring all prior errata are installed.

Red Hat has released an important security update for its build of Quarkus version 3. 27. 3 addressing five vulnerabilities. These include denial of service and request smuggling issues in Netty components, directory traversal in Plexus-utils, code injection in Apache Avro Java SDK, and cache manipulation in Vert. x core. The update fixes these vulnerabilities to improve security and stability. No known exploits in the wild have been reported. Users of Red Hat build of Quarkus are advised to apply this update after ensuring all prior errata are installed.

Red Hat has released an important security update for Red Hat Build of Apache Camel 4. 14 for Quarkus 3. 27 (RHBQ 3. 27. 3. GA). This update addresses three vulnerabilities: CVE-2026-1002, which allows manipulation of the static handler component cache to deny access to static files; CVE-2026-33870, a request smuggling vulnerability in Netty due to incorrect parsing of HTTP/1. 1 chunked transfer encoding extension values; and CVE-2026-33871, a denial of service vulnerability via HTTP/2 CONTINUATION frame flood in Netty. The update improves security and stability and is recommended for affected users. No known exploits in the wild have been reported at this time.

Red Hat AMQ Broker 7. 14. 0 includes multiple security fixes addressing vulnerabilities in components such as Eclipse Jetty, Netty, Apache ZooKeeper, and Apache Artemis. These vulnerabilities include denial of service, request smuggling, impersonation via DNS spoofing, information disclosure, and unauthorized address creation due to incorrect authorization. The update is rated as important by Red Hat Product Security and addresses six distinct CVEs. Users are advised to back up their installations before applying the update. No known exploits in the wild have been reported at this time.

Red Hat Streams for Apache Kafka 3. 2. 0 includes multiple security fixes addressing vulnerabilities such as denial of service, server-side request forgery, remote code execution, memory exhaustion, and request smuggling across various components including Kafka Exporter, console UI, Netty, and others. These vulnerabilities affect the distributed data streaming platform and its associated tools. The update replaces version 3. 1. 0 and is rated critical by Red Hat Product Security. The advisory provides a comprehensive list of fixed CVEs but does not include a CVSS score. Users are advised to apply this update to mitigate the identified security issues.

Red Hat has released a security advisory for the Red Hat Build of Apache Camel 4. 18. 1 for Spring Boot 3. 5. 14, addressing multiple critical vulnerabilities across various components including Apache Artemis, Spring Boot, Plexus-utils, Netty, Jetty, Kafka clients, Apache Camel modules, and cryptographic libraries. The issues range from remote code execution, authentication bypass, information disclosure, denial of service, directory traversal, to resource exhaustion. This advisory consolidates fixes for numerous CVEs affecting these components, highlighting the critical nature of the update. The patch release is intended to remediate these vulnerabilities and improve the security posture of affected Red Hat products.

Red Hat OpenShift Dev Spaces 3. 27. 1 is a cloud developer workspace server and browser-based IDE designed for container-based development on OpenShift. The 3. 27 release introduces support for devfile v2. 1 and v2. 2 standards, urging users to migrate from the deprecated v1 standard. This advisory references multiple CVEs, including CVE-2025-61728, indicating a collection of vulnerabilities affecting this product version. No specific fixes or patches are detailed in the advisory, and users are encouraged to update to supported OpenShift releases (v4. 16 and higher) to continue receiving updates.

Red Hat has released updated Cryostat 4 on RHEL 9 container images that address multiple security vulnerabilities affecting various components and libraries. These fixes include patches for denial of service, authorization bypass, information disclosure, request smuggling, memory safety, and arbitrary code execution issues. Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to the updated images and rebuild dependent container images to ensure these vulnerabilities are mitigated.

Red Hat OpenShift AI version 3. 3. 3 addresses multiple critical security vulnerabilities identified by CVE-2025-6242 and 45 additional CVEs. The advisory announces updated container images for Red Hat OpenShift AI to mitigate these issues. No specific technical details or fixes for individual CVEs are provided in the advisory content. There are no known exploits in the wild at the time of publication. The vendor has released updated images and documentation to guide users on upgrading their clusters to apply the errata update. Patch status is not explicitly confirmed in the advisory, and no direct patch links are provided. Users should consult the official Red Hat documentation for upgrade instructions and remediation details. The vulnerabilities collectively are rated critical in severity.