Back to overview

CVE-2026-12606

MEDIUM
6.3
CVSS 4.0
Description
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.

Metadata

CVE ID
CVE-2026-12606
State
PUBLISHED
Assigner
eclipse
Reserved
2026-06-18 11:27 UTC
Published
2026-07-14 08:28 UTC
Last updated
2026-07-14 08:28 UTC
Primary CWE
CWE-444
CWE-444: Inconsistent Interpretation of HTTP Requests
Vendor / Product
Eclipse Foundation / Eclipse GlassFish
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products (1)
VendorProductPlatformVersions
Eclipse Foundation Eclipse GlassFish 4.0.0 ≤ 4.0.2, 5.0.0 < 5.0.2
Weakness (CWE)
CWESourceDescription
CWE-444 cna CWE-444: Inconsistent Interpretation of HTTP Requests
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Back to overview