{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5795", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2026-04-08T13:21:06.990Z", "datePublished": "2026-04-08T13:32:28.935Z", "dateUpdated": "2026-04-09T03:56:11.784Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-08T13:32:28.935Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-226", "description": "CWE-226 Sensitive information in resource not removed before reuse", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "type": "CWE"}]}], "affected": [{"vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "repo": "https://github.com/jetty/jetty.project", "versions": [{"status": "affected", "version": "12.1.0", "lessThanOrEqual": "12.1.7", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThanOrEqual": "12.0.33", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThanOrEqual": "11.0.28", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThanOrEqual": "10.0.28", "versionType": "semver"}, {"status": "affected", "version": "9.4.0", "lessThanOrEqual": "9.4.60", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In Eclipse Jetty, the class <code>JASPIAuthenticator</code> initiates the authentication checks, which set two <code>ThreadLocal</code> variable.</p>\n<p>Upon returning from the initial checks, there are conditions that cause an early return from the <code>JASPIAuthenticator</code> code without clearing those <code>ThreadLocal</code>s.</p>\n<p>A subsequent request using the same thread inherits the <code>ThreadLocal</code> values, leading to a broken access control and privilege escalation.</p>\n\n<p></p>"}]}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "https://github.com/HRsGIT", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-5795"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T03:56:11.784Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5795", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T16:01:55.551503Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:01:58.420Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "https://github.com/HRsGIT"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/jetty/jetty.project", "vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "versions": [{"status": "affected", "version": "12.1.0", "versionType": "semver", "lessThanOrEqual": "12.1.7"}, {"status": "affected", "version": "12.0.0", "versionType": "semver", "lessThanOrEqual": "12.0.33"}, {"status": "affected", "version": "11.0.0", "versionType": "semver", "lessThanOrEqual": "11.0.28"}, {"status": "affected", "version": "10.0.0", "versionType": "semver", "lessThanOrEqual": "10.0.28"}, {"status": "affected", "version": "9.4.0", "versionType": "semver", "lessThanOrEqual": "9.4.60"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.", "supportingMedia": [{"type": "text/html", "value": "<p>In Eclipse Jetty, the class <code>JASPIAuthenticator</code> initiates the authentication checks, which set two <code>ThreadLocal</code> variable.</p>\n<p>Upon returning from the initial checks, there are conditions that cause an early return from the <code>JASPIAuthenticator</code> code without clearing those <code>ThreadLocal</code>s.</p>\n<p>A subsequent request using the same thread inherits the <code>ThreadLocal</code> values, leading to a broken access control and privilege escalation.</p>\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "CWE-226 Sensitive information in resource not removed before reuse"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-08T13:32:28.935Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5795", "state": "PUBLISHED", "dateUpdated": "2026-04-09T03:56:11.784Z", "dateReserved": "2026-04-08T13:21:06.990Z", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "datePublished": "2026-04-08T13:32:28.935Z", "assignerShortName": "eclipse"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6BB4322-1158-46D7-8A04-2B4FBC3941A4", "versionEndIncluding": "9.4.58", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "56F09A5B-49C1-406A-B4F6-D6F2D3FA660E", "versionEndIncluding": "10.0.26", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B1CFB36-11A3-449E-BDDF-7837CE9E1511", "versionEndIncluding": "11.0.26", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDF5EEDA-C7D3-41A7-824F-E8CA0402C3B5", "versionEndExcluding": "12.0.34", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A3BA101-07D6-4DE1-A258-A60679A178FB", "versionEndExcluding": "12.1.8", "versionStartIncluding": "12.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation."}], "id": "CVE-2026-5795", "lastModified": "2026-04-23T11:54:04.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2026-04-08T14:16:32.633", "references": [{"source": "emo@eclipse.org", "tags": ["Broken Link"], "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"}, {"source": "emo@eclipse.org", "tags": ["Broken Link"], "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}, {"lang": "en", "value": "CWE-287"}], "source": "emo@eclipse.org", "type": "Primary"}]}

{"bugzilla": {"description": "org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables", "id": "2456519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456519"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-226", "details": ["A flaw was found in Eclipse Jetty. The `JASPIAuthenticator` class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly clearing the ThreadLocal variables, allowing a subsequent request to inherit the un-cleared ThreadLocal values. This issue can cause broken access control, authentication bypass, privilege escalation and data breaches."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2026-5795", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-annotations", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-apache-jsp", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-plus", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-servlets", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "jetty-ee10-webapp", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "jetty-ee10-webapp", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-annotations", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-apache-jsp", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-cdi", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-fcgi-proxy", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-glassfish-jstl", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-home", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-jaspi", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-jndi", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-jspc-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-plus", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-proxy", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-quickstart", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-servlets", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "jetty-ee10-webapp", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-annotations", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-apache-jsp", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-cdi", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-fcgi-proxy", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-glassfish-jstl", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-home", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-jaspi", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-jndi", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-jspc-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-maven-plugin", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-plus", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-proxy", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-quickstart", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-servlets", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "jetty-ee10-webapp", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "redhat-user-workloads/openvsx", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Affected", "package_name": "redhat-user-workloads/pluginregistry-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:amq_streams:3", "fix_state": "Affected", "package_name": "jetty-ee10-servlet", "product_name": "streams for Apache Kafka 3"}, {"cpe": "cpe:/a:redhat:amq_streams:3", "fix_state": "Affected", "package_name": "jetty-ee10-servlets", "product_name": "streams for Apache Kafka 3"}], "public_date": "2026-04-08T13:32:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5795\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5795\nhttps://github.com/advisories/GHSA-gc59-r5jq-98qw"], "statement": "This vulnerability is only exploitable when `JASPIAuthenticator` class returns early and a subsequent request inherits the un-cleared ThreadLocal values. This requires a new request to be assigned the exact same recycled thread, increasing the complexity of exploitation. Due to these reasons, this flaw has been rated with an important severity.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.1.0,12.1.7]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.0.0,12.0.33]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.0.0,11.0.28]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.0.0,10.0.28]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.4.0,9.4.60]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Eclipse Jetty", "source": "cna", "vendor": "Eclipse Foundation"}, "product": "jetty", "vendor": "eclipse"}], "analysis": {"en": {"generated_at": "2026-04-08T14:35:45.645962+00:00", "value": {"mitigation_remediation": ["Apply the latest Eclipse Jetty update that resolves the JASPIAuthenticator thread\u2011local clearance bug.", "If a patch is not yet available, upgrade to a Jetty version that does not include the vulnerable JASPIAuthenticator implementation.", "Implement monitoring to detect unexpected privilege escalation events and review server logs for anomalous access patterns.", "Consider configuring the server to use a dedicated thread pool that limits the reuse of worker threads for sequential requests."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Any installation of the Eclipse Jetty web server that includes the JASPIAuthenticator component is potentially vulnerable. Specific product and version details are not listed in the advisory, so all supported Jetty releases should be verified for the presence of the issue.", "description_and_impact": "The flaw occurs in Eclipse Jetty\u2019s JASPIAuthenticator class, where thread-local variables used for authentication checks are not cleared when an early return happens. As a result, a subsequent request handled by the same thread inherits stale authentication data, effectively bypassing access controls and allowing an attacker to execute actions with elevated privileges. This represents an authentication bypass and broken access control weakness.", "risk_and_exploitability": "The advisory assigns a CVSS base score of 7.4, indicating a high impact vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred as remote, relying on HTTP requests sent to the server; an attacker must be able to send multiple requests that are processed on the same worker thread to exploit the thread\u2011local residue."}}}}, "created": "2026-04-08T19:27:01.097050+00:00", "title": "ThreadLocal Variable Leak Allows Thread-Based Privilege Escalation in Eclipse Jetty JASPIAuthenticator", "updated": "2026-04-08T19:39:30.618397+00:00", "vendors": ["eclipse", "eclipse$PRODUCT$jetty"]}