What is CVE-2026-5795?

CVE-2026-5795 is a high-severity vulnerability in Eclipse Foundation Jetty, classified under Sensitive Information in Resource Not Removed Before Reuse. CVSS score: 7.4/10. Published 2026-04-08.

How severe is CVE-2026-5795?

High severity. CVSS v3 base score is 7.4 out of 10.

Auth bypass in Eclipse Foundation Jetty

CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator c…

EPSS: 0.000 (9.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Eclipse Foundation Jetty — versions 12.1.0, 12.0.0, 11.0.0

Weakness classification (CWE)

CWE-226 — Sensitive Information in Resource Not Removed Before Reuse
CWE-287 — Improper Authentication

References

github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://
gitlab.eclipse.org/security/cve-assignment/-/issues/92

Frequently asked questions

What is CVE-2026-5795?: CVE-2026-5795 is a high-severity vulnerability in Eclipse Foundation Jetty, classified under Sensitive Information in Resource Not Removed Before Reuse. CVSS score: 7.4/10. Published 2026-04-08.
How severe is CVE-2026-5795?: High severity. CVSS v3 base score is 7.4 out of 10.