VDB
GCVE-110-NCSC-2026-169
GCVE-110-NCSC-2026-169
Advisory PublishedCVSS 9.1/10
Eclipse Jetty's HTTP/1.1 parser improperly handles unclosed quoted strings in chunked transfer encoding extensions, enabling request smuggling attacks that can lead to security bypass, cache poisoning, and unauthorized HTTP request injection.
Weaknesses (CWE)
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Risk Scores
CVSS 3.1
9.1/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Oracle | vers:unknown/* | — | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.