CVE Catalog

CVE-2026-41715

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. This occurs only if the HTTP client has been configured to follow redirects.

Risk Assessment

Credential leakage may lead to unauthorized access to organizational resources, posing a significant security threat.

Recommendation

It is recommended to avoid configuring the HTTP client to follow redirects or to update to the latest version to minimize risk.

Original NVD description (English source)

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS