HIGH
quarkusio
CVE published 2026-05-05
CVE-2026-39852
CVE-2026-39852 is a high-severity vulnerability in Quarkus, a Java framework for building cloud-native applications. The vulnerability is caused by a path normalization inconsistency between the security layer and the routing layer, allowing unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. An attacker can append a semicolon and arbitrary text to a request URL to [truncated]