Threats Tagged 'cve-2026-45416'

Red Hat has released a security update for its build of Quarkus 3.33.2.SP1 addressing multiple vulnerabilities across several components including quarkus-vertx-http, vertx-core, and various Netty modules. The fixes cover issues such as authentication/authorization bypass, denial of service via malformed messages or resource leaks, hostname verification bypass, information disclosure, and DNS cache poisoning. These vulnerabilities have been assigned multiple CVEs and are rated with an overall security impact of Important by Red Hat Product Security. The update upgrades Netty to version 4.1.135.Final and Vertx to 4.5.28 to remediate these issues. Users are advised to apply this update after ensuring all prior relevant errata are installed.

Red Hat has released a security update for its build of Quarkus 3.27.4.SP1 addressing multiple vulnerabilities across several components including quarkus-vertx-http, vertx-core, and various Netty modules. The fixes cover issues such as authentication/authorization bypass, denial of service via malformed messages or resource leaks, information disclosure, hostname verification bypass, and DNS cache poisoning. These vulnerabilities collectively pose risks including bypassing security controls, service disruption, and data manipulation. The update is rated with an important security impact by Red Hat.

A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available and includes the following CVE fixes: * netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake [rhboac-camel-quarkus-3] (CVE-2026-45416) * netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation [rhboac-camel-quarkus-3] (CVE-2026-45674) * netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass [rhboac-camel-quarkus-3] (CVE-2026-50010) * netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records [rhboac-camel-quarkus-3] (CVE-2026-47691) * netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers [rhboac-camel-quarkus-3] (CVE-2026-48059) * netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak [rhboac-camel-quarkus-3] (CVE-2026-48043) * netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message [rhboac-camel-quarkus-3] (CVE-2026-44893) * netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation [rhboac-camel-quarkus-3] (CVE-2026-44249) * quarkus-vertx-http: Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities [rhboac-camel-quarkus-3] (CVE-2026-50559) * libthrift: Apache Thrift: Denial of Service via excessive memory allocation [rhboac-camel-quarkus-3] (CVE-2026-43868) * libthrift: Apache Thrift: Security bypass due to improper certificate validation [rhboac-camel-quarkus-3] (CVE-2026-43869)