A vulnerability, which was classified as very critical, has been found in Eclipse Kura up to 5.6.1. This affects the function getRemoteAddr of the component Web Console/REST API. The manipulation of the argument X-Forwarded-For leads to injection.

This vulnerability is documented as CVE-2026-9561. The attack can be initiated remotely. There is not any exploit available.