A vulnerability, which was classified as problematic, was found in Eclipse Vert.x up to 4.5.29/5.1.4. Affected by this vulnerability is an unknown functionality of the component WebClientSession. Executing a manipulation of the argument Domain can lead to permissive cross-domain policy with untrusted domains.

This vulnerability appears as CVE-2026-15076. The attack may be performed from remote. There is no available exploit.