VDB

GCVE-110-NCSC-2026-169

GCVE-110-NCSC-2026-169
Advisory PublishedCVSS 9.1/10
Vulnetix · Advisory published May 29, 2026
Eclipse Jetty's HTTP/1.1 parser improperly handles unclosed quoted strings in chunked transfer encoding extensions, enabling request smuggling attacks that can lead to security bypass, cache poisoning, and unauthorized HTTP request injection.

Weaknesses (CWE)

CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Risk Scores

CVSS 3.1
9.1/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›