CVE-2026-12606

Summary

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse GlassFish4.0.0 <= 4.0.2affected
Eclipse FoundationEclipse GlassFish5.0.0 < 5.0.2affected

Weaknesses

  • CWE-444: CWE-444: Inconsistent Interpretation of HTTP Requests

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References