Information disclosure in Eclipse Jetty
CVE-2026-10051
In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first requ…
Vulnerability class: Information Disclosure
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Eclipse Jetty
- Eclipse Foundation Jetty — versions 12.0.0, 12.1.0
Weakness classification (CWE)
References
- emo@eclipse.org (Exploit, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-10051?
- CVE-2026-10051 is a high-severity vulnerability in Eclipse Jetty, classified under Information Disclosure. CVSS score: 7.5/10. Published 2026-07-14.
- How severe is CVE-2026-10051?
- High severity. CVSS v3 base score is 7.5 out of 10.