A vulnerability described as problematic has been identified in AsyncHttpClient async-http-client up to 2.14.x/3.0.9 . Affected by this issue is the function propagatedHeaders of the file Redirect30xInterceptor.java of the component Session Cookie Handler . Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-45300 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.