CVE-2026-41715

Vulnerability

In Reactor Netty versions 1.0.0 through 1.0.51, 1.1.0 through 1.1.35, 1.2.0 through 1.2.17, and 1.3.0 through 1.3.5, the HTTP client may leak credentials when handling HTTP redirects from a secure endpoint to an insecure endpoint. This vulnerability is only present if the HTTP client is explicitly configured to follow redirects [1].

Exploitation

An attacker can exploit this vulnerability by tricking a user into visiting a malicious website that triggers an HTTP redirect from a secure endpoint (HTTPS) to an insecure endpoint (HTTP). The attacker's server must be able to intercept the redirected request. The Reactor Netty HTTP client must also be configured to automatically follow redirects for the credential leak to occur [1].

Impact

Successful exploitation of this vulnerability can lead to the disclosure of sensitive credentials, such as session cookies or authentication tokens, to an insecure endpoint. This could allow an attacker to hijack user sessions or impersonate users, depending on the type of credentials leaked [1].

Mitigation

Users of affected versions should upgrade to the following fixed versions: 1.0.52, 1.1.36, 1.2.18, or 1.3.6. Specific Reactor BOM versions are also available for each line. No further mitigation steps are necessary beyond upgrading [1].