CVE-2026-2332 (GCVE-0-2026-2332)
Vulnerability from cvelistv5 – Published: 2026-04-14 10:59 – Updated: 2026-06-30 03:15
VLAI
Title
HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Summary
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funky-chunks.html
* https://w4ke.info/2025/10/29/funky-chunks-2.html
Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error.
POST / HTTP/1.1
Host: localhost
Transfer-Encoding: chunked
1;ext="val
X
0
GET /smuggled HTTP/1.1
...
Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://github.com/jetty/jetty.project/security/a… | third-party-advisory |
| https://gitlab.eclipse.org/security/cve-assignmen… | issue-tracking |
| https://access.redhat.com/security/cve/CVE-2026-2332 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2458187 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:20568 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25089 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14272 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22453 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21773 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10175 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17668 | vendor-advisoryx_refsource_REDHAT |
Impacted products
26 products
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse Jetty |
Affected:
12.1.0 , ≤ 12.1.6
(semver)
Affected: 12.0.0 , ≤ 12.0.32 (semver) Affected: 11.0.0 , ≤ 11.0.27 (semver) Affected: 10.0.0 , ≤ 10.0.27 (semver) Affected: 9.4.0 , ≤ 9.4.59 (semver) |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | HawtIO HawtIO 4.4.0 |
cpe:/a:redhat:apache_camel_hawtio:4.4::el9 |
|
| Red Hat | Red Hat AMQ Broker 7.13.5 |
cpe:/a:redhat:amq_broker:7.13 |
|
| Red Hat | Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 |
cpe:/a:redhat:apache_camel_quarkus:3.33 |
|
| Red Hat | Red Hat Offline Knowledge Portal 1.2.6 |
cpe:/a:redhat:offline_knowledge_portal:1.2::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.27 |
cpe:/a:redhat:openshift_devspaces:3.27::el9 |
|
| Red Hat | Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14 |
cpe:/a:redhat:apache_camel_spring_boot:4.18 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
|
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 |
cpe:/a:redhat:camel_quarkus:3 |
|
| Red Hat | Red Hat build of Debezium 2 |
cpe:/a:redhat:debezium:2 |
|
| Red Hat | Red Hat build of Debezium 3 |
cpe:/a:redhat:debezium:3 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Web Server 6 |
cpe:/a:redhat:jboss_enterprise_web_server:6 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Red Hat | streams for Apache Kafka 2 |
cpe:/a:redhat:amq_streams:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Red Hat build of Apicurio Registry 2 |
cpe:/a:redhat:service_registry:2 |
|
| Red Hat | Red Hat build of Apicurio Registry 3 |
cpe:/a:redhat:apicurio_registry:3 |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2332",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T03:58:12.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7.13"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7.13.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_quarkus:3.33"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Apache Camel 4.18 for Quarkus 3.33",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:offline_knowledge_portal:1.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Offline Knowledge Portal 1.2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.18"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel 4 for Quarkus 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:6"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Web Server 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-14T10:59:10.193Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:15:32.250Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-2332"
},
{
"name": "RHBZ#2458187",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458187"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2332.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14272"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22453"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21773"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17668"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:20568: Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:14272: Red Hat AMQ Broker 7.13.5"
},
{
"lang": "en",
"value": "RHSA-2026:22453: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33"
},
{
"lang": "en",
"value": "RHSA-2026:21773: Red Hat Offline Knowledge Portal 1.2.6"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-14T12:01:05.768Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-14T10:59:10.193Z",
"value": "Made public."
}
],
"title": "org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing",
"workarounds": [
{
"lang": "en",
"value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg://maven/org.eclipse.jetty/jetty-http",
"product": "Eclipse Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "12.1.6",
"status": "affected",
"version": "12.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.32",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.27",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.4.59",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "https://github.com/xclow3n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/06/18/funky-chunks.html\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/10/29/funky-chunks-2.html\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJetty terminates chunk extension parsing at\u0026nbsp;\u003ccode\u003e\\r\\n\u003c/code\u003e\u0026nbsp;inside quoted strings instead of treating this as an error.\u003cbr\u003e\u003cbr\u003e\n\u003cpre\u003ePOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\u003c/pre\u003e\n\n\u003cdiv\u003e\u003cbr\u003eNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent interpretation of HTTP requests (\u0027HTTP Request/Response smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T10:59:10.193Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2026-2332",
"datePublished": "2026-04-14T10:59:10.193Z",
"dateReserved": "2026-02-11T09:56:25.879Z",
"dateUpdated": "2026-06-30T03:15:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2332",
"date": "2026-06-30",
"epss": "0.01127",
"percentile": "0.62268"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2332\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2026-04-14T12:16:21.333\",\"lastModified\":\"2026-06-30T03:18:12.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\\n * https://w4ke.info/2025/06/18/funky-chunks.html\\n\\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\\n\\n\\nJetty terminates chunk extension parsing at\u00a0\\\\r\\\\n\u00a0inside quoted strings instead of treating this as an error.\\n\\n\\nPOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\\n\\n\\n\\n\\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\"}],\"affected\":[{\"source\":\"emo@eclipse.org\",\"affectedData\":[{\"vendor\":\"Eclipse Foundation\",\"product\":\"Eclipse Jetty\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"pkg://maven/org.eclipse.jetty/jetty-http\",\"repo\":\"https://github.com/jetty/jetty.project\",\"versions\":[{\"version\":\"12.1.0\",\"lessThanOrEqual\":\"12.1.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"12.0.0\",\"lessThanOrEqual\":\"12.0.32\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"11.0.0\",\"lessThanOrEqual\":\"11.0.27\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.0.0\",\"lessThanOrEqual\":\"10.0.27\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.4.0\",\"lessThanOrEqual\":\"9.4.59\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.4.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7.13.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7.13\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Apache Camel 4.18 for Quarkus 3.33\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_quarkus:3.33\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Offline Knowledge Portal 1.2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:offline_knowledge_portal:1.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.27\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_spring_boot:4.18\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel 4 for Quarkus 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:camel_quarkus:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Debezium 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Debezium 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Fuse 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_fuse:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Web Server 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_web_server:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Single Sign-On 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_single_sign_on:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:apicurio_registry:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Data Grid 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_data_grid:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform Expansion Pack\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jbosseapxp\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Process Automation 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-14T00:00:00+00:00\",\"id\":\"CVE-2026-2332\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.60\",\"matchCriteriaId\":\"E0FB149B-EF33-4A51-9B96-030899E250CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.28\",\"matchCriteriaId\":\"361D419A-7A89-439A-99B1-D34E9914BAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.28\",\"matchCriteriaId\":\"7020D8E5-61DD-4DB6-82E4-EA46A96838A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.33\",\"matchCriteriaId\":\"E1A6095F-3D1E-40CB-A875-D41BF6C73EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.7\",\"matchCriteriaId\":\"B5A32954-7B03-46B6-9956-54BE0F8477E8\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignment/-/issues/89\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10175\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14272\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17668\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21773\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22453\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-2332\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2458187\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2332.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2332\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T13:06:34.622366Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T13:08:48.379Z\"}}], \"cna\": {\"title\": \"HTTP Request Smuggling via Chunked Extension Quoted-String Parsing\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"https://github.com/xclow3n\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Foundation\", \"product\": \"Eclipse Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.1.6\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.0.32\"}, {\"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.27\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}, {\"status\": \"affected\", \"version\": \"9.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.59\"}], \"packageName\": \"pkg://maven/org.eclipse.jetty/jetty-http\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignment/-/issues/89\", \"tags\": [\"issue-tracking\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\\n * https://w4ke.info/2025/06/18/funky-chunks.html\\n\\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\\n\\n\\nJetty terminates chunk extension parsing at\\u00a0\\\\r\\\\n\\u00a0inside quoted strings instead of treating this as an error.\\n\\n\\nPOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\\n\\n\\n\\n\\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \\\"funky chunks\\\" techniques outlined here:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/06/18/funky-chunks.html\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003ehttps://w4ke.info/2025/10/29/funky-chunks-2.html\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJetty terminates chunk extension parsing at\u0026nbsp;\u003ccode\u003e\\\\r\\\\n\u003c/code\u003e\u0026nbsp;inside quoted strings instead of treating this as an error.\u003cbr\u003e\u003cbr\u003e\\n\u003cpre\u003ePOST / HTTP/1.1\\nHost: localhost\\nTransfer-Encoding: chunked\\n\\n1;ext=\\\"val\\nX\\n0\\n\\nGET /smuggled HTTP/1.1\\n...\\n\u003c/pre\u003e\\n\\n\u003cdiv\u003e\u003cbr\u003eNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent interpretation of HTTP requests (\u0027HTTP Request/Response smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2026-04-14T10:59:10.193Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2332\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-15T03:58:12.322Z\", \"dateReserved\": \"2026-02-11T09:56:25.879Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2026-04-14T10:59:10.193Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…