CVE-2026-12606
MEDIUM
6.3
CVSS 4.0
Description
Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Eclipse Foundation | Eclipse GlassFish | — | 4.0.0 ≤ 4.0.2, 5.0.0 < 5.0.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-444 | cna | CWE-444: Inconsistent Interpretation of HTTP Requests |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |