HTTP/1.1 Request Trailers Vulnerability in Eclipse Jetty
CVE-2026-10051
6.9MEDIUM
What is CVE-2026-10051?
In Eclipse Jetty, a flaw exists that affects how trailers from the first HTTP/1.1 request are managed over the same connection. This vulnerability allows subsequent requests without trailers to mistakenly report the trailers of the initial request. Furthermore, if later requests include trailers, they will include a combination of the initial request's trailers and those of the current request, potentially leading to leakage of unintended data across multiple requests.
Affected Version(s)
Eclipse Jetty 12.0.0 <= 12.0.35
Eclipse Jetty 12.1.0 <= 12.1.9
