Eclipse Grizzly HTTP Request Smuggling Vulnerability in Affected Versions
CVE-2026-12606

6.3MEDIUM

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-12606?

The Eclipse Grizzly framework, prior to version 5.0.2, is susceptible to an HTTP request smuggling vulnerability due to improper parsing of the trailer section in malformed trailer headers. This flaw can be exploited by attackers to manipulate and obfuscate server requests, potentially leading to security breaches. It is crucial for organizations using affected versions to apply updates and take preventive measures to mitigate the risk of exploitation.

Affected Version(s)

Eclipse GlassFish 4.0.0 <= 4.0.2

Eclipse GlassFish 5.0.0 < 5.0.2

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastiano Sartor
.