PT-2026-37202 · Red Hat · Quarkus-Openapi-Generator

Jvr2022 · Published 2026-05-04 · Updated 2026-05-09 · CVE-2026-42333

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Quarkus OpenAPI Generator versions prior to 2.11.1-lts
Quarkus OpenAPI Generator versions prior to 2.16.0-lts
Quarkus OpenAPI Generator versions prior to 2.17.0

Description
The generated authentication filter matches OpenAPI path templates too broadly when determining whether to attach credentials. The runtime authentication layer compares the outgoing request path and method against protected OpenAPI operations, but treats {param} placeholders as .*, which incorrectly allows a single path parameter to consume a forward slash (/). Consequently, a security scheme configured for one operation may be applied to a different operation with the same method if the request path partially resembles the protected template. This can lead to bearer tokens, API keys, or basic credentials being sent to unintended endpoints, potentially disclosing sensitive information to lower-trust routes on the same service.

Recommendations
Update to version 2.11.1-lts.
Update to version 2.16.0-lts.
Update to version 2.17.0.
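The template-matching flaw described above, as an added illustration rather than the generator's own filter code: toPattern turns an OpenAPI path template into an anchored regex, substituting either the over-broad .* or the single-segment [^/]+ for each {param}. The operation list, the /pets/{petId} template and the /pets/42/public route are constructed sample data, and the class assumes Java 17 or later.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration of the over-broad {param} match; not the generator's own code. */
public class PathTemplateMatch {
    private static final Pattern PARAM = Pattern.compile("\\{[^/{}]+\\}");

    /** One protected OpenAPI operation: HTTP method plus path template (constructed sample). */
    record ProtectedOp(String method, String template) {}

    /** Builds an anchored regex from a template, substituting paramRegex for each {param}. */
    static Pattern toPattern(String template, String paramRegex) {
        Matcher m = PARAM.matcher(template);
        StringBuilder sb = new StringBuilder("^");
        int last = 0;
        while (m.find()) {
            // Literal path text is quoted so characters such as '.' are not regex metacharacters.
            sb.append(Pattern.quote(template.substring(last, m.start()))).append(paramRegex);
            last = m.end();
        }
        sb.append(Pattern.quote(template.substring(last))).append("$");
        return Pattern.compile(sb.toString());
    }

    // True if the outgoing request matches a protected operation and would receive credentials.
    // broad=true reproduces the flaw ({param} -> ".*", so a parameter can swallow "/");
    // broad=false uses the single-segment form ({param} -> "[^/]+").
    static boolean wouldAttachCredentials(String method, String path, List<ProtectedOp> ops, boolean broad) {
        String paramRegex = broad ? ".*" : "[^/]+";
        for (ProtectedOp op : ops) {
            if (op.method().equalsIgnoreCase(method)
                    && toPattern(op.template(), paramRegex).matcher(path).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed spec: only GET /pets/{petId} carries a bearer-token security scheme.
        List<ProtectedOp> ops = List.of(new ProtectedOp("GET", "/pets/{petId}"));
        for (String path : List.of("/pets/42", "/pets/42/public")) {
            System.out.printf("GET %-17s broad=%-5s strict=%s%n", path,
                    wouldAttachCredentials("GET", path, ops, true),
                    wouldAttachCredentials("GET", path, ops, false));
        }
    }
}
```

Under the broad translation the unrelated GET /pets/42/public request also satisfies the /pets/{petId} template, so the token configured for that one operation would be attached to it; the single-segment form accepts /pets/42 only.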

Exploit · Fix · Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2026-42333
GHSA-FR8F-RWJX-F32V

Affected Products

Quarkus-Openapi-Generator