Information disclosure in Quarkiverse Quarkus-openapi-generator

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broad…

Vulnerability class: Information Disclosure

EPSS: 0.002 (44.4th percentile) — read the EPSS interpretation.

Affected products

Quarkiverse Quarkus-openapi-generator — versions < 2.11.1-lts, < 2.16.0-lts, < 2.17.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)