Home

Description

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.

PUBLISHED Reserved 2026-06-18 | Published 2026-07-14 | Updated 2026-07-14 | Assigner eclipse




MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-444: Inconsistent Interpretation of HTTP Requests

Product status

Default status
unaffected

4.0.0 (semver)
affected

5.0.0 (semver) before 5.0.2
affected

Credits

Sebastiano Sartor finder

References

gitlab.eclipse.org/security/cve-assignment/-/work_items/129

cve.org (CVE-2026-12606)

nvd.nist.gov (CVE-2026-12606)

Download JSON