VDB
RHSA-2026%3A5482
RHSA-2026%3A5482
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss EAP XP 6.0 Update 3.0 |
Timeline
- Mar 23, 2026 CVE Published
- May 5, 2026 CVE Updated
- May 5, 2026 Distribution Patch
- May 5, 2026 Distribution Patch
- May 5, 2026 Security Advisory
- May 5, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:5482 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2430180 issue
- https://issues.redhat.com/browse/JBEAP-31795 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5482.json advisory
- https://access.redhat.com/security/cve/CVE-2026-1002 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-1002 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-1002 advisory
- https://github.com/eclipse-vertx/vert.x/pull/5895 advisory