Back to overview

CVE-2026-10051

MEDIUM
6.9
CVSS 4.0
Description
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the union of trailers of the first request and the current request.

Metadata

CVE ID
CVE-2026-10051
State
PUBLISHED
Assigner
eclipse
Reserved
2026-05-29 07:28 UTC
Published
2026-07-14 08:44 UTC
Last updated
2026-07-14 08:44 UTC
Primary CWE
CWE-200
CWE-200
Vendor / Product
Eclipse Foundation / Eclipse Jetty
Sources
cve.org  ·  NVD

Severity & Metrics

6.9 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products (1)
VendorProductPlatformVersions
Eclipse Foundation Eclipse Jetty 12.0.0 ≤ 12.0.35, 12.1.0 ≤ 12.1.9
Weakness (CWE)
CWESourceDescription
CWE-200 cna CWE-200
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Back to overview