Issued: 2026-06-17
Updated: 2026-06-17

RHSA-2026:26586 - Important: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update


Synopsis

Important: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update

Type/Severity

Security Advisory: Important

Topic

A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available.

This text-only erratum provides information about enhancements that improve your developer experience and ensure the security and stability of your applications.

Red Hat Product Security has rated this update as having a security impact of Important.

Description

A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available and includes the following CVE fixes:

  • netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake [rhboac-camel-quarkus-3] (CVE-2026-45416)
  • netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation [rhboac-camel-quarkus-3] (CVE-2026-45674)
  • netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass [rhboac-camel-quarkus-3] (CVE-2026-50010)
  • netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records [rhboac-camel-quarkus-3] (CVE-2026-47691)
  • netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers [rhboac-camel-quarkus-3] (CVE-2026-48059)
  • netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak [rhboac-camel-quarkus-3] (CVE-2026-48043)
  • netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message [rhboac-camel-quarkus-3] (CVE-2026-44893)
  • netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation [rhboac-camel-quarkus-3] (CVE-2026-44249)
  • quarkus-vertx-http: Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities [rhboac-camel-quarkus-3] (CVE-2026-50559)
  • libthrift: Apache Thrift: Denial of Service via excessive memory allocation [rhboac-camel-quarkus-3] (CVE-2026-43868)
  • libthrift: Apache Thrift: Security bypass due to improper certificate validation [rhboac-camel-quarkus-3] (CVE-2026-43869)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

Product                          Version   Arch
Red Hat Build of Apache Camel    1         x86_64

Fixes

CVEs

References


Additional information