PatchSiren

quarkusio CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH quarkusio CVE published 2026-05-05

CVE-2026-39852

CVE-2026-39852 is a high-severity vulnerability in Quarkus, a Java framework for building cloud-native applications. The vulnerability is caused by a path normalization inconsistency between the security layer and the routing layer, allowing unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. An attacker can append a semicolon and arbitrary text to a request URL to [truncated]