Vulnerability-Lookup

RHSA-2026:28573

Vulnerability from csaf_redhat - Published: 2026-06-23 21:53 - Updated: 2026-06-23 21:54

Summary

Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update

Severity

Important

Notes

Topic: Red Hat Offline Knowledge Portal security fixes & content update

Details: This Red Hat Offline Knowledge Portal fixes several Solr-related CVEs. It also includes content updates as of June 16 2026.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-5795

A flaw was found in Eclipse Jetty. The `JASPIAuthenticator` class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly clearing the ThreadLocal variables, allowing a subsequent request to inherit the un-cleared ThreadLocal values. This issue can cause broken access control, authentication bypass, privilege escalation and data breaches.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-44249

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1287 - Improper Validation of Specified Type of Input

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-45292

A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high CPU consumption. This can result in a Denial of Service (DoS) for the affected service. Furthermore, because baggage is automatically re-injected into outgoing requests, the impact can spread to other downstream services.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64		—	Vendor Fix fix
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64		—	Vendor Fix fix

Threats

Impact Important

CVE-2026-45416

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS (Transport Layer Security) ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service (DoS) due to excessive memory consumption. The issue occurs in the `SslClientHelloHandler.decode()` method when processing the TLS handshake length.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-50010

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager (X509TrustManager), it fails to perform necessary hostname checks, enabling an attacker to impersonate a legitimate server. This could lead to sensitive information disclosure or man-in-the-middle attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64		—	Vendor Fix fix Workaround

Threats

Impact Important

References

40 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:28573	self
https://access.redhat.com/products/red-hat-offlin…	external
https://access.redhat.com/security/cve/CVE-2026-44249	external
https://access.redhat.com/security/cve/CVE-2026-45292	external
https://access.redhat.com/security/cve/CVE-2026-45416	external
https://access.redhat.com/security/cve/CVE-2026-50010	external
https://access.redhat.com/security/cve/CVE-2026-5795	external
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-5795	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456519	external
https://www.cve.org/CVERecord?id=CVE-2026-5795	external
https://nvd.nist.gov/vuln/detail/CVE-2026-5795	external
https://github.com/advisories/GHSA-gc59-r5jq-98qw	external
https://access.redhat.com/security/cve/CVE-2026-44249	self
https://bugzilla.redhat.com/show_bug.cgi?id=2488081	external
https://www.cve.org/CVERecord?id=CVE-2026-44249	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44249	external
https://github.com/netty/netty/releases/tag/netty…	external
https://github.com/netty/netty/releases/tag/netty…	external
https://github.com/netty/netty/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-45292	self
https://bugzilla.redhat.com/show_bug.cgi?id=2482785	external
https://www.cve.org/CVERecord?id=CVE-2026-45292	external
https://nvd.nist.gov/vuln/detail/CVE-2026-45292	external
https://github.com/open-telemetry/opentelemetry-j…	external
https://github.com/open-telemetry/opentelemetry-j…	external
https://github.com/open-telemetry/opentelemetry-j…	external
https://github.com/open-telemetry/opentelemetry-j…	external
https://access.redhat.com/security/cve/CVE-2026-45416	self
https://bugzilla.redhat.com/show_bug.cgi?id=2488391	external
https://www.cve.org/CVERecord?id=CVE-2026-45416	external
https://nvd.nist.gov/vuln/detail/CVE-2026-45416	external
https://github.com/netty/netty/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-50010	self
https://bugzilla.redhat.com/show_bug.cgi?id=2488429	external
https://www.cve.org/CVERecord?id=CVE-2026-50010	external
https://nvd.nist.gov/vuln/detail/CVE-2026-50010	external
https://github.com/netty/netty/security/advisorie…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Offline Knowledge Portal security fixes \u0026 content update",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This Red Hat Offline Knowledge Portal fixes several Solr-related CVEs. It also includes content updates as of June 16 2026.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:28573",
        "url": "https://access.redhat.com/errata/RHSA-2026:28573"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/products/red-hat-offline-knowledge-portal",
        "url": "https://access.redhat.com/products/red-hat-offline-knowledge-portal"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44249",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44249"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45292",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45292"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45416",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45416"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-50010",
        "url": "https://access.redhat.com/security/cve/CVE-2026-50010"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-5795",
        "url": "https://access.redhat.com/security/cve/CVE-2026-5795"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1",
        "url": "https://docs.redhat.com/en/documentation/red_hat_offline_knowledge_portal/1"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28573.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update",
    "tracking": {
      "current_release_date": "2026-06-23T21:54:53+00:00",
      "generator": {
        "date": "2026-06-23T21:54:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:28573",
      "initial_release_date": "2026-06-23T21:53:14+00:00",
      "revision_history": [
        {
          "date": "2026-06-23T21:53:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-23T21:53:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-23T21:54:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Offline Knowledge Portal 1.2.5",
                "product": {
                  "name": "Red Hat Offline Knowledge Portal 1.2.5",
                  "product_id": "Red Hat Offline Knowledge Portal 1.2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:offline_knowledge_portal:1.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Offline Knowledge Portal"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64",
                "product": {
                  "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64",
                  "product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhokp-rhel9@sha256%3Ac0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a?arch=amd64\u0026repository_url=registry.redhat.io/offline-knowledge-portal/rhokp-rhel9\u0026tag=1782239370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
                "product": {
                  "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
                  "product_id": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhokp-rhel9@sha256%3A9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22?arch=arm64\u0026repository_url=registry.redhat.io/offline-knowledge-portal/rhokp-rhel9\u0026tag=1782239370"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64 as a component of Red Hat Offline Knowledge Portal 1.2.5",
          "product_id": "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64"
        },
        "product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
        "relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64 as a component of Red Hat Offline Knowledge Portal 1.2.5",
          "product_id": "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        },
        "product_reference": "registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64",
        "relates_to_product_reference": "Red Hat Offline Knowledge Portal 1.2.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-5795",
      "cwe": {
        "id": "CWE-226",
        "name": "Sensitive Information in Resource Not Removed Before Reuse"
      },
      "discovery_date": "2026-04-08T14:01:02.911884+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Eclipse Jetty. The `JASPIAuthenticator` class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly clearing the ThreadLocal variables, allowing a subsequent request to inherit the un-cleared ThreadLocal values. This issue can cause broken access control, authentication bypass, privilege escalation and data breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is only exploitable when `JASPIAuthenticator` class returns early and a subsequent request inherits the un-cleared ThreadLocal values. This requires a new request to be assigned the exact same recycled thread, increasing the complexity of exploitation. Due to these reasons, this flaw has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5795"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5795",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5795"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-gc59-r5jq-98qw",
          "url": "https://github.com/advisories/GHSA-gc59-r5jq-98qw"
        }
      ],
      "release_date": "2026-04-08T13:32:28.935000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T21:53:14+00:00",
          "details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28573"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables"
    },
    {
      "cve": "CVE-2026-44249",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "discovery_date": "2026-06-11T22:02:05.327173+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2488081"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in netty-handler is rated as Important because a remote attacker can bypass configured IPv6 subnet filtering rules. This flaw, stemming from an incorrect masking operation, could allow unauthorized access to or exposure of services that are intended to be network-restricted within Red Hat products utilizing the affected Netty component.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44249"
        },
        {
          "category": "external",
          "summary": "RHBZ#2488081",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488081"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44249",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44249"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
        }
      ],
      "release_date": "2026-06-11T20:46:14.110000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T21:53:14+00:00",
          "details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28573"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation"
    },
    {
      "cve": "CVE-2026-45292",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-05-28T17:02:14.674828+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2482785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high CPU consumption. This can result in a Denial of Service (DoS) for the affected service. Furthermore, because baggage is automatically re-injected into outgoing requests, the impact can spread to other downstream services.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45292"
        },
        {
          "category": "external",
          "summary": "RHBZ#2482785",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482785"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45292"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f",
          "url": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-java/pull/8380",
          "url": "https://github.com/open-telemetry/opentelemetry-java/pull/8380"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0",
          "url": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx",
          "url": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx"
        }
      ],
      "release_date": "2026-05-28T16:37:29.490000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T21:53:14+00:00",
          "details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28573"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage"
    },
    {
      "cve": "CVE-2026-45416",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-06-12T15:01:45.671884+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2488391"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS (Transport Layer Security) ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service (DoS) due to excessive memory consumption. The issue occurs in the `SslClientHelloHandler.decode()` method when processing the TLS handshake length.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in Netty is rated as Important. It allows a remote attacker to trigger a denial of service by sending a specially crafted TLS ClientHello message. The flaw arises from an eager, unbounded memory allocation during the TLS handshake, particularly when default configurations disable the maximum client hello length guard, leading to excessive resource consumption in affected Red Hat products utilizing Netty.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45416"
        },
        {
          "category": "external",
          "summary": "RHBZ#2488391",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488391"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45416",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45416"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45416",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45416"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
        }
      ],
      "release_date": "2026-06-12T14:10:05.585000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T21:53:14+00:00",
          "details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28573"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, configure applications utilizing Netty\u0027s `SslClientHelloHandler` to specify a non-zero value for the `maxClientHelloLength` parameter. This will enable the internal length validation, preventing the eager allocation of large memory buffers when processing crafted TLS ClientHello messages. Refer to your specific application\u0027s documentation for details on configuring Netty\u0027s TLS handler. A restart of the affected application or service is required for the configuration changes to take effect.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake"
    },
    {
      "cve": "CVE-2026-50010",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-06-12T16:02:13.735675+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2488429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager (X509TrustManager), it fails to perform necessary hostname checks, enabling an attacker to impersonate a legitimate server. This could lead to sensitive information disclosure or man-in-the-middle attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important flaw in Netty that affects Red Hat products utilizing the `netty-handler` component, including various Red Hat AMQ, Enterprise Application Platform, and OpenShift offerings. The vulnerability arises when a Netty client is configured with a plain X.509 Trust Manager, leading to a bypass of hostname verification. This oversight allows a remote attacker to perform man-in-the-middle attacks by impersonating a legitimate server, potentially compromising sensitive data.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
          "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-50010"
        },
        {
          "category": "external",
          "summary": "RHBZ#2488429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-50010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50010"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50010",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50010"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9"
        }
      ],
      "release_date": "2026-06-12T14:50:43.151000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-23T21:53:14+00:00",
          "details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:28573"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:9620b543dab8aa6e7a2f372890512c885c4beb6098d61fc5dd68e15cb0e2cc22_arm64",
            "Red Hat Offline Knowledge Portal 1.2.5:registry.redhat.io/offline-knowledge-portal/rhokp-rhel9@sha256:c0b2c8c0cf4ff8340aef1ce4e92fbf0dee4fc0b88a0c17659ad018f2fc21513a_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass"
    }
  ]
}

CVE-2026-44249 (GCVE-0-2026-44249)

Vulnerability from cvelistv5 – Published: 2026-06-11 20:46 – Updated: 2026-06-13 03:55

Title

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Summary

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-284 - Improper Access Control
CWE-697 - Incorrect Comparison

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-13T03:55:45.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-697",
              "description": "CWE-697: Incorrect Comparison",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T20:46:14.110Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-3qp7-7mw8-wx86",
        "discovery": "UNKNOWN"
      },
      "title": "Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44249",
    "datePublished": "2026-06-11T20:46:14.110Z",
    "dateReserved": "2026-05-05T16:33:55.844Z",
    "dateUpdated": "2026-06-13T03:55:45.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45292 (GCVE-0-2026-45292)

Vulnerability from cvelistv5 – Published: 2026-05-28 16:37 – Updated: 2026-05-28 17:27

Title

opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation

Summary

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. This vulnerability is fixed in 1.62.0.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/open-telemetry/opentelemetry-j…	x_refsource_CONFIRM
https://github.com/open-telemetry/opentelemetry-j…	x_refsource_MISC
https://github.com/open-telemetry/opentelemetry-j…	x_refsource_MISC
https://github.com/open-telemetry/opentelemetry-j…	x_refsource_MISC

Impacted products

3 products

Vendor	Product	Version
open-telemetry	opentelemetry-java	Affected: < 1.62.0
io.opentelemetry	opentelemetry-api	Affected: 1.62.0
io.opentelemetry	opentelemetry-extension-trace-propagators	Affected: 1.62.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T17:27:00.066477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T17:27:14.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opentelemetry-java",
          "vendor": "open-telemetry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.62.0"
            }
          ]
        },
        {
          "product": "opentelemetry-api",
          "vendor": "io.opentelemetry",
          "versions": [
            {
              "status": "affected",
              "version": "1.62.0"
            }
          ]
        },
        {
          "product": "opentelemetry-extension-trace-propagators",
          "vendor": "io.opentelemetry",
          "versions": [
            {
              "status": "affected",
              "version": "1.62.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. This vulnerability is fixed in 1.62.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T16:37:29.490Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-java/pull/8380",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-java/pull/8380"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0"
        }
      ],
      "source": {
        "advisory": "GHSA-rcgg-9c38-7xpx",
        "discovery": "UNKNOWN"
      },
      "title": "opentelemetry-java: Unbounded Memory Allocation in W3C Baggage Propagation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45292",
    "datePublished": "2026-05-28T16:37:29.490Z",
    "dateReserved": "2026-05-11T20:14:43.201Z",
    "dateUpdated": "2026-05-28T17:27:14.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45416 (GCVE-0-2026-45416)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:10 – Updated: 2026-06-12 15:07

Title

Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength > maxClientHelloLength && maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T15:06:59.768657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T15:07:07.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates `ctx.alloc().buffer(handshakeLength)` (line 161). The guard at line 140 is `handshakeLength \u003e maxClientHelloLength \u0026\u0026 maxClientHelloLength != 0`, and the commonly-used SniHandler/AbstractSniHandler constructors (SniHandler(Mapping), SniHandler(AsyncMapping), AbstractSniHandler()) pass maxClientHelloLength=0 and handshakeTimeoutMillis=0, so the length guard is disabled and no timeout is scheduled. A 16 MiB request exceeds the default pooled chunk size and becomes a huge/unpooled allocation performed immediately. The buffer is retained in the handler until the channel closes. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:12:09.426Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-x4gw-5cx5-pgmh",
        "discovery": "UNKNOWN"
      },
      "title": "Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45416",
    "datePublished": "2026-06-12T14:10:05.585Z",
    "dateReserved": "2026-05-12T01:48:40.452Z",
    "dateUpdated": "2026-06-12T15:07:07.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-50010 (GCVE-0-2026-50010)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:50 – Updated: 2026-06-12 16:39

Title

Netty's wrapping plain trust manager silently disables hostname verification

Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrusted(chain, authType, SSLEngine) by discarding the SSLEngine and calling the 2-arg delegate. Because the object now IS an X509ExtendedTrustManager, neither SunJSSE's internal AbstractTrustManagerWrapper nor Netty's own OpenSslX509TrustManagerWrapper will re-wrap it to add endpoint-identification. Consequently, even though Netty 4.2 sets endpointIdentificationAlgorithm="HTTPS" by default, a client built with `SslContextBuilder.forClient().trustManager(somePlainX509TrustManager)` performs no hostname verification at all. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC
https://github.com/netty/netty/releases/tag/netty…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: >= 4.2.0.Final, < 4.2.15.Final Affected: < 4.1.135.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-50010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T16:38:52.451711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T16:39:07.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0.Final, \u003c 4.2.15.Final"
            },
            {
              "status": "affected",
              "version": "\u003c 4.1.135.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrusted(chain, authType, SSLEngine) by discarding the SSLEngine and calling the 2-arg delegate. Because the object now IS an X509ExtendedTrustManager, neither SunJSSE\u0027s internal AbstractTrustManagerWrapper nor Netty\u0027s own OpenSslX509TrustManagerWrapper will re-wrap it to add endpoint-identification. Consequently, even though Netty 4.2 sets endpointIdentificationAlgorithm=\"HTTPS\" by default, a client built with `SslContextBuilder.forClient().trustManager(somePlainX509TrustManager)` performs no hostname verification at all. Versions 4.1.135.Final and 4.2.15.Final patch the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:50:43.151Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
        },
        {
          "name": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
        }
      ],
      "source": {
        "advisory": "GHSA-c653-97m9-rcg9",
        "discovery": "UNKNOWN"
      },
      "title": "Netty\u0027s wrapping plain trust manager silently disables hostname verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-50010",
    "datePublished": "2026-06-12T14:50:43.151Z",
    "dateReserved": "2026-06-02T22:46:02.578Z",
    "dateUpdated": "2026-06-12T16:39:07.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5795 (GCVE-0-2026-5795)

Vulnerability from cvelistv5 – Published: 2026-04-08 13:32 – Updated: 2026-04-09 03:56

Summary

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-226 - Sensitive information in resource not removed before reuse
CWE-287 - Improper Authentication

Assigner

eclipse

References

2 references

URL	Tags
https://github.com/jetty/jetty.project/security/a…
https://gitlab.eclipse.org/security/cve-assignmen…

Impacted products

1 product

Vendor	Product	Version
Eclipse Foundation	Eclipse Jetty	Affected: 12.1.0 , ≤ 12.1.7 (semver) Affected: 12.0.0 , ≤ 12.0.33 (semver) Affected: 11.0.0 , ≤ 11.0.28 (semver) Affected: 10.0.0 , ≤ 10.0.28 (semver) Affected: 9.4.0 , ≤ 9.4.60 (semver)

Credits

https://github.com/HRsGIT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-09T03:56:11.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Eclipse Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "12.1.7",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.0.33",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.0.28",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.28",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.4.60",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/HRsGIT"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Eclipse Jetty, the class \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e initiates the authentication checks, which set two \u003ccode\u003eThreadLocal\u003c/code\u003e variable.\u003c/p\u003e\n\u003cp\u003eUpon returning from the initial checks, there are conditions that cause an early return from the \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e code without clearing those \u003ccode\u003eThreadLocal\u003c/code\u003es.\u003c/p\u003e\n\u003cp\u003eA subsequent request using the same thread inherits the \u003ccode\u003eThreadLocal\u003c/code\u003e values, leading to a broken access control and privilege escalation.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "CWE-226 Sensitive information in resource not removed before reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T13:32:28.935Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2026-5795",
    "datePublished": "2026-04-08T13:32:28.935Z",
    "dateReserved": "2026-04-08T13:21:06.990Z",
    "dateUpdated": "2026-04-09T03:56:11.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:28573

CVE-2026-44249 (GCVE-0-2026-44249)

CVE-2026-45292 (GCVE-0-2026-45292)

CVE-2026-45416 (GCVE-0-2026-45416)

CVE-2026-50010 (GCVE-0-2026-50010)

CVE-2026-5795 (GCVE-0-2026-5795)

Tags

Sightings

Nomenclature