Information disclosure in Eclipse Jetty

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first requ…

Vulnerability class: Information Disclosure

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-10051?
CVE-2026-10051 is a high-severity vulnerability in Eclipse Jetty, classified under Information Disclosure. CVSS score: 7.5/10. Published 2026-07-14.
How severe is CVE-2026-10051?
High severity. CVSS v3 base score is 7.5 out of 10.