Path Traversal Vulnerability in Eclipse Jetty
CVE-2026-8384

5.3MEDIUM

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-8384?

A path traversal vulnerability exists in Eclipse Jetty where an HTTP URI containing specific elements can lead to an unresolved path. This can cause issues for web applications that depend on Jetty's path resolution, as they may receive paths that could expose sensitive files or lead to incorrect resource handling. While Jetty itself does not serve unresolved paths due to its alias checker, applications reliant on Jetty’s behavior could inadvertently become confused by the unresolved paths, potentially leading to security concerns.

Affected Version(s)

Eclipse Jetty 12.0.0 <= 12.0.34

Eclipse Jetty 12.1.0 <= 12.1.8

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

https://github.com/jweny
https://github.com/lworld0x00
.