In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection.
Subsequent request that do not have trailers report the trailers of the first request.
Subsequent request that do have trailers report the union of trailers of the first request and the current request.

Project Subscriptions

Vendors Products
Eclipse Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 14 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Eclipse
Eclipse jetty
Vendors & Products Eclipse
Eclipse jetty

Tue, 14 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
Description In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the union of trailers of the first request and the current request.
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published:

Updated: 2026-07-14T12:57:50.096Z

Reserved: 2026-05-29T07:28:48.617Z

Link: CVE-2026-10051

cve-icon Vulnrichment

Updated: 2026-07-14T12:57:46.450Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T10:30:08Z

Weaknesses