rhoai/odh-modelmesh-rhel9 vulnerabilities
13 known vulnerabilities affecting rhoai/odh-modelmesh-rhel9.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 3, MEDIUM 5, LOW 1
Vulnerabilities
CVE-2026-42581 | CRITICAL | CVSS 9.8 | 2026-05-13
CVE-2026-42581 [CRITICAL] CWE-444 netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty cor
Source: redhat
CVE-2026-42584 | CRITICAL | CVSS 9.1 | 2026-05-13
CVE-2026-42584 [CRITICAL] CWE-444 netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when
Source: redhat
CVE-2026-42585 | HIGH | CVSS 7.5 | 2026-05-13
CVE-2026-42585 [HIGH] CWE-444 netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
A flaw was found in Netty. This vulnerability allows a remote attacker to perform request smuggling attacks due to incorrect parsing of malformed Transfer-Encoding headers. By exploiting this flaw, an attacker can bypass security controls and potentially access sensitive
Source: redhat
CVE-2026-42587 | HIGH | CVSS 7.5 | 2026-05-13
CVE-2026-42587 [HIGH] CWE-770 netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload
Source: redhat
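The decompression entry above is a bounds problem: a limit that is checked against the compressed input, or not re-checked as inflated data is produced, is satisfied by a tiny, highly compressible payload. The following Python is an added example, not Netty's HttpContentDecompressor; the "bomb" payload and the limits are constructed here, and it uses zlib's `max_length` / `unconsumed_tail` mechanism to enforce the cap on output bytes as they are produced.

```python
"""Added example: bound decompressed output, not compressed input.
A compressed-size check is passed by any highly compressible payload; the cap
has to be applied to inflated bytes while they are being produced."""
import zlib


class DecompressionLimitExceeded(Exception):
    pass


def compressed_size_ok(data: bytes, max_bytes: int) -> bool:
    """The ineffective check: only the wire size is examined."""
    return len(data) <= max_bytes


def decompress_bounded(data: bytes, max_out: int) -> bytes:
    """Inflate a zlib stream, aborting as soon as output would exceed max_out.
    max_length stops each call from emitting more than we allow; unconsumed_tail
    carries not-yet-inflated input to the next round."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # ask for one byte beyond the budget: if it arrives, the limit is breached
        piece = d.decompress(pending, max_out - len(out) + 1)
        out += piece
        if len(out) > max_out:
            raise DecompressionLimitExceeded(f"output exceeds {max_out} bytes")
        pending = d.unconsumed_tail
        if not piece and not pending:
            raise ValueError("truncated or corrupt stream")
    return bytes(out)


def exceeds_limit(data: bytes, max_out: int) -> bool:
    try:
        decompress_bounded(data, max_out)
        return False
    except DecompressionLimitExceeded:
        return True


# Constructed "bomb": 8 MiB of zeros shrinks to a few KiB on the wire.
BOMB = zlib.compress(b"\x00" * (8 * 1024 * 1024), 9)
SMALL = zlib.compress(b"model-mesh response body")

if __name__ == "__main__":
    print("bomb wire size:", len(BOMB))
    print("passes 64 KiB compressed-size check:", compressed_size_ok(BOMB, 64 * 1024))
    print("passes 1 MiB output cap:", not exceeds_limit(BOMB, 1024 * 1024))
    print(decompress_bounded(SMALL, 1024))
```

The same shape applies to gzip and brotli decoders: the budget must be decremented per emitted chunk, and the check must run inside the inflate loop rather than once on the declared or compressed size.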
CVE-2026-42580 | MEDIUM | CVSS 6.5 | 2026-05-13
CVE-2026-42580 [MEDIUM] CWE-190 netty: Netty: Request smuggling via chunk size parser integer overflow
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit an integer overflow vulnerability in Netty's chunk size parser. This flaw enables request smuggling attacks, which can allow an attacker to bypass security controls or access unauthorized information.
Source: redhat
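The three smuggling entries above (CVE-2026-42581, conflicting Transfer-Encoding and Content-Length on an HTTP/1.0 request; CVE-2026-42585, malformed Transfer-Encoding; CVE-2026-42580, chunk-size integer overflow) share one root cause: two parsers on the request path frame the same bytes differently. The Python below is an added model of that desync, not Netty's HttpObjectDecoder and not an exploit against it. The request bytes are constructed here, the 32-bit wraparound is a model of the CWE-190 pattern (Netty's actual accumulator width is not stated on this page), and the `strict` policy is what a hardened decoder should do: refuse the TE/CL conflict, refuse chunked on HTTP/1.0, and cap the chunk-size digit count.

```python
"""Constructed model of HTTP/1.x framing: one byte stream, framed by a front end
and a back end with different rules (the CWE-444 desync behind request smuggling)."""

CRLF = b"\r\n"
HEX = set(b"0123456789abcdefABCDEF")

class NeedMoreData(Exception):
    """Stream ends before the framed request does; a real server would wait for more."""

def parse_head(stream, pos):
    """Return (request_line, {lowercased name: value}, body_offset)."""
    end = stream.find(CRLF + CRLF, pos)
    if end < 0:
        raise NeedMoreData
    lines = stream[pos:end].split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii"), headers, end + 4

def chunk_size(field, wrap32, max_digits):
    """Parse a hex chunk size. wrap32 models an accumulator that silently wraps at
    32 bits (CWE-190); max_digits caps the field so the value cannot exceed the type."""
    if not field or any(c not in HEX for c in field):
        raise ValueError("malformed chunk size")
    if max_digits is not None and len(field) > max_digits:
        raise ValueError("chunk size too long")
    n = 0
    for c in field:
        n = n * 16 + int(chr(c), 16)
        if wrap32:
            n &= 0xFFFFFFFF
    return n

def parse_chunked(stream, pos, wrap32, max_digits):
    """Consume a chunked body (no trailers in this model); return (body, next_pos)."""
    body = b""
    while True:
        eol = stream.find(CRLF, pos)
        if eol < 0:
            raise NeedMoreData
        size = chunk_size(stream[pos:eol].split(b";")[0].strip(), wrap32, max_digits)
        pos = eol + 2
        if size == 0:
            if stream[pos:pos + 2] != CRLF:
                raise NeedMoreData
            return body, pos + 2
        if len(stream) < pos + size + 2:
            raise NeedMoreData  # a full-width parser keeps waiting for a 4 GiB chunk
        body += stream[pos:pos + size]
        pos += size + 2

def frame_requests(stream, *, use_te=True, wrap32=False, strict=False):
    """Split a stream into (request_line, body) pairs under one framing policy:
    use_te=False  HTTP/1.0 front end: ignores Transfer-Encoding, frames by Content-Length
    wrap32=True   back end whose chunk-size accumulator overflows
    strict=True   hardened: reject TE+CL together and chunked on HTTP/1.0, cap sizes at 8 hex digits"""
    out, pos = [], 0
    while pos < len(stream):
        try:
            req, hdrs, pos = parse_head(stream, pos)
            te = hdrs.get(b"transfer-encoding", b"").lower()
            cl = hdrs.get(b"content-length")
            if strict and te and cl is not None:
                raise ValueError("Transfer-Encoding and Content-Length both present")
            if strict and te and req.endswith("HTTP/1.0"):
                raise ValueError("chunked is not defined for HTTP/1.0")
            if te == b"chunked" and use_te:
                body, pos = parse_chunked(stream, pos, wrap32 and not strict, 8 if strict else None)
            else:
                n = int(cl or b"0")
                if len(stream) < pos + n:
                    raise NeedMoreData
                body, pos = stream[pos:pos + n], pos + n
        except NeedMoreData:
            break
        out.append((req, body))
    return out

def is_rejected(stream, **policy):
    """True when the policy refuses the stream outright."""
    try:
        frame_requests(stream, **policy)
        return False
    except ValueError:
        return True

# Constructed streams; SMUGGLED is the request the front end never inspects as one.
SMUGGLED = b"GET /admin HTTP/1.0\r\nHost: target\r\n\r\n"
LAST_CHUNK = b"0\r\n\r\n"
# CL.TE on HTTP/1.0: Content-Length covers everything, so the front end forwards one
# request; a back end honouring chunked stops at LAST_CHUNK and frames SMUGGLED next.
CL_TE = (b"POST / HTTP/1.0\r\nHost: target\r\nContent-Length: %d\r\n"
         % (len(LAST_CHUNK) + len(SMUGGLED))
         + b"Transfer-Encoding: chunked\r\n\r\n" + LAST_CHUNK + SMUGGLED)
# Chunk-size overflow: 0x100000005 wraps to 5 in a 32-bit accumulator, so a wrapping
# back end reads "hello", sees LAST_CHUNK and frames SMUGGLED as a fresh request.
OVERFLOW = (b"POST / HTTP/1.1\r\nHost: target\r\nTransfer-Encoding: chunked\r\n\r\n"
            + b"100000005\r\nhello\r\n" + LAST_CHUNK + SMUGGLED)
```

Run `frame_requests(CL_TE, use_te=False)` against `frame_requests(CL_TE)` to see the front end forward one request while the back end sees two; `frame_requests(OVERFLOW, wrap32=True)` shows the same split caused purely by the accumulator width, while the full-width parser is still waiting for data and the strict one refuses the 9-digit size. The practitioner's check is that every hop in the path applies the strict policy, since a single lenient parser anywhere re-creates the desync.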
CVE-2026-42578 | LOW | CVSS 2.9 | 2026-05-13
CVE-2026-42578 [LOW] CWE-93 netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy se
Source: redhat
CVE-2026-41417 | MEDIUM | CVSS 5.3 | 2026-05-06
CVE-2026-41417 [MEDIUM] CWE-93 netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
A flaw was found in Netty. A remote attacker can bypass request-line validation by manipulating the URI after a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created. This vulnerability, a form of Carriage Return Line Feed (CRLF) injection, allows for the insertion of additional HTTP or RTSP requests. The p
Source: redhat
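Both CWE-93 entries above (CVE-2026-42578, unvalidated outbound headers on a CONNECT request, and CVE-2026-41417, a URI mutated after validation already ran) are the same defect: a CR/LF reaches the wire inside a field that the peer treats as line-delimited. The Python below is an added example, not Netty's HttpProxyHandler or request encoder; the CONNECT headers and the mutated target are constructed. Its point is that the check belongs at serialization time, where it cannot be bypassed by mutating the object after construction.

```python
"""Added example: validate at serialization time so a CR/LF in a request-target
or a header value cannot split one request into two (CWE-93)."""
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")     # RFC 9110 tchar
BAD_IN_VALUE = re.compile(r"[^\t\x20-\x7e\x80-\xff]")     # anything but HTAB/SP/VCHAR/obs-text
VERSIONS = ("HTTP/1.0", "HTTP/1.1")


def serialize_unchecked(method, target, version, headers):
    """The vulnerable pattern: whatever the caller put in the fields goes on the wire."""
    lines = [f"{method} {target} {version}"] + [f"{n}: {v}" for n, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def serialize_checked(method, target, version, headers):
    """Same wire format, but every component is re-validated here, not only when
    the request object was built, so a later setter cannot bypass the check."""
    if not TOKEN.match(method):
        raise ValueError("invalid method token")
    # request-target: visible ASCII only. Space, CR and LF terminate the request
    # line, so they can never legitimately occur inside the target.
    if not target or any(not 0x21 <= ord(c) <= 0x7E for c in target):
        raise ValueError("invalid request-target")
    if version not in VERSIONS:
        raise ValueError("invalid version")
    for name, value in headers:
        if not TOKEN.match(name):
            raise ValueError(f"invalid header name {name!r}")
        if BAD_IN_VALUE.search(value):
            raise ValueError(f"CR/LF or control byte in header {name!r}")
    return serialize_unchecked(method, target, version, headers)


def request_count(raw: bytes) -> int:
    """How many requests a peer would frame from these bytes (no bodies in this demo)."""
    return raw.count(b"\r\n\r\n")


def is_rejected(*args) -> bool:
    try:
        serialize_checked(*args)
        return False
    except ValueError:
        return True


# Constructed inputs: a CONNECT whose Proxy-Authorization value carries an injected
# header, and a request whose target was mutated after construction to carry a CRLF.
PROXY_HEADERS = [("Host", "internal.svc:443"),
                 ("Proxy-Authorization", "Basic dXNlcjpwYXNz\r\nX-Forwarded-For: 127.0.0.1")]
SPLIT_TARGET = "/healthz HTTP/1.1\r\nHost: target\r\n\r\nGET /admin"
CLEAN_HEADERS = [("Host", "internal.svc:443")]
```

`serialize_unchecked("CONNECT", "internal.svc:443", "HTTP/1.1", PROXY_HEADERS)` emits the injected `X-Forwarded-For` as a separate header line, and `serialize_unchecked("GET", SPLIT_TARGET, ...)` emits two complete requests; `serialize_checked` refuses both while still producing the clean CONNECT unchanged.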
CVE-2026-43869 | HIGH | CVSS 7.3 | 2026-05-05
CVE-2026-43869 [HIGH] CWE-295 Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This cou
Source: redhat
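A "host mismatch" failure means the TLS stack accepted a chain-valid certificate issued for some other name. The Python below is an added example of the identity check itself, written out explicitly rather than taken from Thrift; the wildcard rules follow RFC 6125 and the SAN-only policy follows RFC 9525, and the host names and SAN lists are constructed. In a real client this logic runs after chain validation and before any application data is sent.

```python
"""Added example: the host-name check a TLS client must run against the
certificate's subjectAltName (RFC 6125 wildcard rules, RFC 9525 SAN-only policy)."""
import ipaddress


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match of one dNSName SAN entry against the dialled host.
    A wildcard is accepted only as the entire left-most label and matches exactly
    one label; partial ("b*.example.com"), repeated, and top-level ("*.com")
    wildcards are refused."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]) or len(p_labels) < 3:
        return False
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def cert_matches_host(hostname: str, san_dns=(), san_ips=()) -> bool:
    """Verify the presented identity against the dialled host.
    Only SAN entries count: the subject-CN fallback of older stacks is deliberately
    absent, so a certificate with no usable SAN is a mismatch, not a pass.
    san_ips is assumed to come from an already-parsed certificate (well-formed)."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # an IP literal must equal an iPAddress SAN; dNSName entries do not apply
        return any(ipaddress.ip_address(s) == ip for s in san_ips)
    return any(dns_name_matches(p, hostname) for p in san_dns)


if __name__ == "__main__":
    for host, sans in [("api.example.com", ["*.example.com"]),
                       ("a.b.example.com", ["*.example.com"]),
                       ("example.com", ["*.example.com"]),
                       ("bar.example.com", ["b*.example.com"])]:
        print(f"{host:20} vs {sans}: {cert_matches_host(host, sans)}")
```

The inverse configuration is the one to look for in a client audit: in Python's `ssl` module, `create_default_context()` sets `check_hostname = True`, and code that sets it to `False` (or passes `CERT_NONE`) reproduces exactly the mismatch-accepting behaviour this entry describes.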
CVE-2026-43868 | MEDIUM | CVSS 5.3 | 2026-05-05
CVE-2026-43868 [MEDIUM] CWE-1285 Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become unresponsive, le
Source: redhat
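The allocation entry above is the classic length-prefix trap: a decoder reads a size from the wire and sizes a buffer from it before checking that the size is sane or that the bytes even exist. The Python below is an added example in a Thrift-binary-like framing (big-endian i32 length followed by the bytes, list header of element-type byte plus i32 count); it is not the Thrift library, and the frames and the policy limits are constructed.

```python
"""Added example: validate a length prefix before allocating or slicing.
Framing is Thrift-binary-like (big-endian i32 length, then bytes), constructed
for the demo; this is not the Thrift library."""
import struct

MAX_STRING = 1 << 20          # policy: at most 1 MiB per string field
MAX_CONTAINER = 1 << 16       # policy: at most 65536 elements per list


class MalformedFrame(ValueError):
    pass


def read_i32(buf: bytes, pos: int):
    if pos + 4 > len(buf):
        raise MalformedFrame("truncated i32")
    return struct.unpack_from(">i", buf, pos)[0], pos + 4


def declared_allocation(buf: bytes, pos: int = 0) -> int:
    """What a reader that trusts the prefix would allocate: the declared length,
    regardless of how many bytes actually follow it."""
    n, _ = read_i32(buf, pos)
    return n


def read_binary(buf: bytes, pos: int, max_len: int = MAX_STRING):
    """Return (value, next_pos); every check runs before any allocation."""
    n, pos = read_i32(buf, pos)
    if n < 0:
        raise MalformedFrame("negative length")
    if n > max_len:
        raise MalformedFrame(f"length {n} exceeds policy {max_len}")
    if n > len(buf) - pos:
        raise MalformedFrame("length exceeds remaining payload")
    return buf[pos:pos + n], pos + n


def read_list_header(buf: bytes, pos: int, max_elems: int = MAX_CONTAINER):
    """Return (elem_type, count, next_pos). A count larger than the remaining
    bytes is impossible (every element occupies at least one byte), so it is
    rejected before any per-element structure is sized from it."""
    if pos + 1 > len(buf):
        raise MalformedFrame("truncated list header")
    elem_type = buf[pos]
    count, pos = read_i32(buf, pos + 1)
    if count < 0 or count > max_elems or count > len(buf) - pos:
        raise MalformedFrame(f"implausible element count {count}")
    return elem_type, count, pos


def is_malformed(reader, *args) -> bool:
    try:
        reader(*args)
        return False
    except MalformedFrame:
        return True


# Constructed frames.
GOOD = struct.pack(">i", 5) + b"hello"
HUGE = struct.pack(">i", 0x7FFFFFFF) + b"hi"        # claims 2 GiB, carries 2 bytes
NEG = struct.pack(">i", -1) + b"hi"
LIST = b"\x0b" + struct.pack(">i", 2) + GOOD + GOOD   # two string elements
BAD_LIST = b"\x0b" + struct.pack(">i", 1_000_000)     # a million elements, zero bytes
```

`declared_allocation(HUGE)` returns 2147483647 from a six-byte frame, which is the allocation a trusting reader would attempt; `read_binary` refuses the same frame before touching memory. The "remaining bytes" test is the important one, because it needs no tuning and catches every oversized prefix that a per-field policy limit happens to miss.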
CVE-2025-14813 | CRITICAL | CVSS 9.3 | 2026-04-15
CVE-2025-14813 [CRITICAL] CWE-327 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected b
Source: redhat
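The GOSTCTR entry above is a keystream-reuse bug, and the consequence is the two-time-pad attack: once two blocks are encrypted under the same keystream, XORing their ciphertexts yields the XOR of their plaintexts with no key involved. The Python below is an added example of that failure mode with a counter that wraps after 256 blocks; the keystream generator is a constructed stand-in (SHA-256 of key and counter), not the GOST 28147-89 cipher, and the key and message are constructed, so only the wrap-and-reuse behaviour is modelled, not the specific defect in bcprov.

```python
"""Added example: a counter that wraps turns a stream cipher into a two-time pad.
The keystream generator is a constructed stand-in (SHA-256 of key||counter),
not GOST 28147-89; only the counter-wrap failure mode is modelled."""
import hashlib

BLOCK = 8   # 64-bit blocks, as in GOST 28147-89


def keystream_block(key: bytes, index: int, counter_bits: int) -> bytes:
    """Keystream for block `index`. With a narrow counter the value wraps, so
    blocks index and index + 2**counter_bits receive identical keystream."""
    ctr = index % (1 << counter_bits)
    return hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()[:BLOCK]


def ctr_encrypt(key: bytes, data: bytes, counter_bits: int) -> bytes:
    """CTR-mode XOR; decryption is the same call."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, i // BLOCK, counter_bits)
        out += bytes(p ^ k for p, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_period(key: bytes, counter_bits: int, max_blocks: int):
    """Smallest i > 0 whose keystream equals block 0's, or None within max_blocks."""
    first = keystream_block(key, 0, counter_bits)
    for i in range(1, max_blocks):
        if keystream_block(key, i, counter_bits) == first:
            return i
    return None


def recover_block(ciphertext: bytes, known_plain: bytes, i: int, j: int) -> bytes:
    """Attacker's step: blocks i and j share keystream and P[i] is known, so
    P[j] = C[i] ^ C[j] ^ P[i]. No key material is needed."""
    ci = ciphertext[i * BLOCK:(i + 1) * BLOCK]
    cj = ciphertext[j * BLOCK:(j + 1) * BLOCK]
    return xor(xor(ci, cj), known_plain)


# Constructed key and a 300-block message whose first block is a known header.
KEY = b"\x11" * 32
PLAINTEXT = b"HDR-v1.0" + bytes((i * 7 + 3) & 0xFF for i in range(299 * BLOCK))
CT_NARROW = ctr_encrypt(KEY, PLAINTEXT, counter_bits=8)    # wraps after 256 blocks
CT_WIDE = ctr_encrypt(KEY, PLAINTEXT, counter_bits=64)     # no wrap in any realistic message
```

With the 8-bit counter, `keystream_period(KEY, 8, 300)` is 256 and `recover_block(CT_NARROW, b"HDR-v1.0", 0, 256)` returns the true 257th plaintext block from ciphertext alone; with the 64-bit counter there is no period inside the message and the same computation returns noise. The operational check for an affected deployment is therefore the message length: any ciphertext longer than the counter period under one key is exposed.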
CVE-2026-5598 | CRITICAL | CVSS 10.0 | 2026-04-15
CVE-2026-5598 [CRITICAL] CWE-385 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unautho
Source: redhat
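The FrodoKEM entry above is a timing channel in a comparison. In a Fujisaki-Okamoto style KEM, decapsulation re-encrypts and compares the result with the received ciphertext; if that comparison returns early at the first differing byte, the response time tells a remote attacker how far their forged ciphertext matched, which is the oracle that recovers the private key over many queries. The Python below is an added example showing the early-exit comparison beside a constant-time one, plus the constant-time select that the implicit-rejection step also needs; it is not BouncyCastle's FrodoKEM code. CPython cannot promise constant-time execution, so `hmac.compare_digest` is the primitive to use in practice; the hand-written version is there to make the difference measurable by bytes examined.

```python
"""Added example: early-exit versus constant-time comparison, and the constant-time
select a KEM decapsulation needs after the comparison. hmac.compare_digest is the
primitive to use in practice; the hand-written versions make the difference visible."""
import hmac


def naive_equal(a: bytes, b: bytes):
    """Returns (equal, bytes_examined). Stops at the first mismatch, so the
    running time depends on where the secrets first differ: a timing oracle."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def ct_equal(a: bytes, b: bytes):
    """Returns (equal, bytes_examined). Always walks every byte and folds the
    differences into one accumulator; no data-dependent branch or early return."""
    if len(a) != len(b):
        return False, 0        # lengths are public in fixed-size KEM ciphertexts
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y
    return acc == 0, len(a)


def ct_select(choose_first: bool, a: bytes, b: bytes) -> bytes:
    """Return a if choose_first else b without branching on the flag: a mask of
    all ones or all zeros is derived from the flag and applied bytewise."""
    mask = (-int(choose_first)) & 0xFF
    return bytes((x & mask) | (y & ~mask & 0xFF) for x, y in zip(a, b))


def decaps_implicit_reject(ct: bytes, ct_recomputed: bytes, k: bytes, k_bar: bytes) -> bytes:
    """Decapsulation tail: the re-encryption must match the received ciphertext,
    otherwise the pseudorandom k_bar is returned. Both the comparison and the
    selection are constant time, so a forged ct costs the same time as a valid one."""
    ok, _ = ct_equal(ct, ct_recomputed)
    assert ok == hmac.compare_digest(ct, ct_recomputed)   # the library primitive agrees
    return ct_select(ok, k, k_bar)


if __name__ == "__main__":
    good = bytes(range(32))
    forged = bytes([0, 1, 99]) + bytes(range(3, 32))
    print("naive:", naive_equal(good, forged), "constant-time:", ct_equal(good, forged))
```

For a forged ciphertext that matches the first two bytes, `naive_equal` examines 3 bytes and `ct_equal` examines all 32; the attacker learns the match prefix from the former and nothing from the latter. The same rule applies to the select: an `if ok: return k else: return k_bar` after a constant-time compare reintroduces the branch the compare removed.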
CVE-2026-5588 | MEDIUM | CVSS 6.3 | 2026-04-15
CVE-2026-5588 [MEDIUM] CWE-347 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifi
Source: redhat
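The CompositeVerifier entry above is a vacuous-truth bug: a verifier that loops over the signature components it was given and reports success when none of them failed reports success for an empty sequence too. The Python below is an added example of that pattern beside the fixed form, and it goes one step past the advisory text to show the related truncation case (a short sequence that silently drops a component). The component signatures are modelled with HMAC-SHA256 tags so the block runs offline; the real CompositeVerifier wraps per-algorithm public-key verifiers, which this is not.

```python
"""Added example: a composite verifier that accepts an empty (or short) signature
sequence because all() over nothing is true and zip() truncates. Components are
modelled with HMAC-SHA256 tags; this is not the BC CompositeVerifier."""
import hashlib
import hmac

# Two stand-in component keys; a real composite pairs e.g. an ML-DSA and an ECDSA key.
COMPONENT_KEYS = [b"component-key-pq-stand-in", b"component-key-classical-stand-in"]


def component_sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def component_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(component_sign(key, message), tag)


def composite_sign(message: bytes) -> list:
    """One component signature per key, in key order."""
    return [component_sign(k, message) for k in COMPONENT_KEYS]


def verify_composite_vulnerable(message: bytes, signatures: list) -> bool:
    """Bug pattern: iterate over whatever was supplied. With [] the generator is
    empty and all() returns True; with one entry, zip() drops the second component
    and the check passes on half the evidence."""
    return all(component_verify(k, message, s) for k, s in zip(COMPONENT_KEYS, signatures))


def verify_composite(message: bytes, signatures: list) -> bool:
    """Composite semantics: every component must be present and every one must verify."""
    if len(signatures) != len(COMPONENT_KEYS):
        return False
    return all(component_verify(k, message, s) for k, s in zip(COMPONENT_KEYS, signatures))


if __name__ == "__main__":
    msg = b"attestation"
    for label, sigs in [("full", composite_sign(msg)), ("empty", []), ("short", composite_sign(msg)[:1])]:
        print(f"{label:6} vulnerable={verify_composite_vulnerable(msg, sigs)} fixed={verify_composite(msg, sigs)}")
```

The fix is the explicit cardinality check before the loop: the expected component count comes from the verifier's configured algorithm set, never from the length of the sequence the attacker supplied.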
CVE-2026-0636 | MEDIUM | CVSS 5.5 | 2026-04-15
CVE-2026-0636 [MEDIUM] CWE-90 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, pot
Source: redhat
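The LDAPStoreHelper entry above is search-filter injection: a certificate or CRL lookup builds an LDAP filter from a subject name by string concatenation, so `*`, `(`, `)` and `\` in that name rewrite the query. The Python below is an added example of the RFC 4515 escaping that neutralizes those characters, beside the concatenation pattern; it is not BouncyCastle's LDAPStoreHelper, and the filter template and the injected value are constructed.

```python
"""Added example: escape untrusted values before they enter an LDAP search filter
(RFC 4515), beside the concatenation pattern that allows injection."""
import re

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Hex-escape the characters RFC 4515 reserves inside an assertion value.
    Non-ASCII and control characters are escaped byte-wise too, which keeps the
    filter pure ASCII and independent of the directory's charset handling."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def cert_lookup_filter_unsafe(subject_cn: str) -> str:
    """The injection pattern: the value is interpolated verbatim."""
    return f"(&(cn={subject_cn})(objectClass=pkiUser))"


def cert_lookup_filter(subject_cn: str) -> str:
    """Same template, value escaped at the point of use."""
    return f"(&(cn={escape_filter_value(subject_cn)})(objectClass=pkiUser))"


def filter_item_count(filt: str) -> int:
    """Number of simple filter items: unescaped '(' not opening an &, | or ! group."""
    return len(re.findall(r"\((?!&|\||!)", filt))


if __name__ == "__main__":
    injected = "*)(uid=*"
    print(cert_lookup_filter_unsafe(injected))   # three items: the query now matches every user
    print(cert_lookup_filter(injected))          # two items: the value is a literal
```

With the value `*)(uid=*`, the unsafe template yields `(&(cn=*)(uid=*)(objectClass=pkiUser))`, a syntactically valid filter with an attacker-added item, while the escaped form keeps the value inside a single `cn=` assertion. Note that distinguished names use a different escaping scheme (RFC 4514); values that go into a base DN rather than a filter need that one instead.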