CVE-2026-10051 PUBLISHED

Assigner: eclipse
Reserved: 29.05.2026 Published: 14.07.2026 Updated: 14.07.2026

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the union of trailers of the first request and the current request.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor Eclipse Foundation
Product Eclipse Jetty
Versions Default: unaffected
  • affected from 12.0.0 to 12.0.35 (incl.)
  • affected from 12.1.0 to 12.1.9 (incl.)

References

Problem Types

  • CWE-200 CWE