Red Hat Security Advisory: Streams for Apache Kafka 3.2.0 release and security update
🔗 CVE IDs covered (13)
📋 Description
- CVE-2024-29371 — jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression
- CVE-2024-34351 — next: Next.js Server-Side Request Forgery in Server Actions
- CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url
- CVE-2025-61729 — crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
- CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
- CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
- CVE-2026-1002 — io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
- CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports
- CVE-2026-23864 — react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests
- CVE-2026-27980 — next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
- CVE-2026-33870 — io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
- CVE-2026-33871 — netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
- CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation
🔗 References (16)
- self: https://access.redhat.com/errata/RHSA-2026:13571
- external: https://access.redhat.com/security/updates/classification/#critical
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2418462
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2423194
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2430180
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2433059
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2434432
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2437111
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2448509
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2452453
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2452456
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2453496
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2454387
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2456913
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2457432
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13571.json