Eclipse Grizzly HTTP Request Smuggling Vulnerability in Affected Versions
CVE-2026-12606
6.3MEDIUM
What is CVE-2026-12606?
The Eclipse Grizzly framework, prior to version 5.0.2, is susceptible to an HTTP request smuggling vulnerability due to improper parsing of the trailer section in malformed trailer headers. This flaw can be exploited by attackers to manipulate and obfuscate server requests, potentially leading to security breaches. It is crucial for organizations using affected versions to apply updates and take preventive measures to mitigate the risk of exploitation.
Affected Version(s)
Eclipse GlassFish 4.0.0 <= 4.0.2
Eclipse GlassFish 5.0.0 < 5.0.2
