- Issued: 2026-06-17
- Updated: 2026-06-17
RHSA-2026:26586 - Important: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update
Synopsis
Important: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update
Type/Severity
Security Advisory Important
Topic
A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available.
This text-only errata provides information about enhancements that improve your developer experience and ensure the security and stability of your applications.
Red Hat Product Security has rated this update as having a security impact of Important.
Description
A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available and includes the following CVE fixes:
- netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake [rhboac-camel-quarkus-3] (CVE-2026-45416)
- netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation [rhboac-camel-quarkus-3] (CVE-2026-45674)
- netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass [rhboac-camel-quarkus-3] (CVE-2026-50010)
- netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records [rhboac-camel-quarkus-3] (CVE-2026-47691)
- netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers [rhboac-camel-quarkus-3] (CVE-2026-48059)
- netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak [rhboac-camel-quarkus-3] (CVE-2026-48043)
- netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message [rhboac-camel-quarkus-3] (CVE-2026-44893)
- netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation [rhboac-camel-quarkus-3] (CVE-2026-44249)
- quarkus-vertx-http: Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities [rhboac-camel-quarkus-3] (CVE-2026-50559)
- libthrift: Apache Thrift: Denial of Service via excessive memory allocation [rhboac-camel-quarkus-3] (CVE-2026-43868)
- libthrift: Apache Thrift: Security bypass due to improper certificate validation [rhboac-camel-quarkus-3] (CVE-2026-43869)
Solution
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update).
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Build of Apache Camel | 1 | x86_64 |
Fixes
- BZ - 2466660
- BZ - 2466670
- BZ - 2488081
CVEs
- CVE-2026-43868
- CVE-2026-43869
- CVE-2026-44249
- CVE-2026-44893
- CVE-2026-45416
- CVE-2026-45674
- CVE-2026-47691
- CVE-2026-48043
- CVE-2026-48059
- CVE-2026-50010
- CVE-2026-50559
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at Security Contacts and Procedures.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.