CVE-2026-6860

Summary

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse Vert.x4.3.4 <= 4.5.26affected
Eclipse FoundationEclipse Vert.x5.0.0 <= 5.0.11affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References