CVE-2026-5795 | Eclipse Jetty up to 9.4.60/10.0.28/11.0.28/12.0.33/12.1.7 JASPIAuthenticator ThreadLocal sensitive information in resource not removed before reuse

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in Eclipse Jetty up to 9.4.60/10.0.28/11.0.28/12.0.33/12.1.7 and classified as problematic. Affected is the function JASPIAuthenticator. Such manipulation of the argument ThreadLocal leads to sensitive information in resource not removed before reuse.

This vulnerability is traded as CVE-2026-5795. The attack may be launched remotely. There is no exploit available.

CVE-2026-5795 | Eclipse Jetty up to 9.4.60/10.0.28/11.0.28/12.0.33/12.1.7 JASPIAuthenticator ThreadLocal sensitive information in resource not removed before reuse

Post correlati

CVE-2025-40898 | Nozomi Guardian/CMC up to 25.4.x Arc Data Archive Import path traversal

CVE-2024-20380 | Cisco ClamAV 1.3 HTML Parser undefined behavior for input to api

CVE-2024-11647 | 1000 Projects Beauty Parlour Management System 1.0 view-appointment.php viewid sql injection

CVE-2025-69690 | Netgate pfSense CE up to 2.7.2 Backup File unserialize deserialization