Improper input validation in Eclipse Jetty

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority (host and port) matches what provided in the Host header (if present). This was not enforced in earlier HTTP RFC (for example…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-6790?
CVE-2026-6790 is a medium-severity vulnerability in Eclipse Jetty, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2026-07-14.
How severe is CVE-2026-6790?
Medium severity. CVSS v3 base score is 5.3 out of 10.