HTTP/1.1 Request Trailers Vulnerability in Eclipse Jetty
CVE-2026-10051

6.9MEDIUM

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-10051?

In Eclipse Jetty, a flaw exists that affects how trailers from the first HTTP/1.1 request are managed over the same connection. This vulnerability allows subsequent requests without trailers to mistakenly report the trailers of the initial request. Furthermore, if later requests include trailers, they will include a combination of the initial request's trailers and those of the current request, potentially leading to leakage of unintended data across multiple requests.

Affected Version(s)

Eclipse Jetty 12.0.0 <= 12.0.35

Eclipse Jetty 12.1.0 <= 12.1.9

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.