{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5795","assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","state":"PUBLISHED","assignerShortName":"eclipse","dateReserved":"2026-04-08T13:21:06.990Z","datePublished":"2026-04-08T13:32:28.935Z","dateUpdated":"2026-07-02T12:04:46.169Z"},"containers":{"cna":{"providerMetadata":{"orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse","dateUpdated":"2026-04-08T13:32:28.935Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-226","description":"CWE-226 Sensitive information in resource not removed before reuse","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-287","description":"CWE-287 Improper Authentication","type":"CWE"}]}],"affected":[{"vendor":"Eclipse Foundation","product":"Eclipse Jetty","repo":"https://github.com/jetty/jetty.project","versions":[{"status":"affected","version":"12.1.0","lessThanOrEqual":"12.1.7","versionType":"semver"},{"status":"affected","version":"12.0.0","lessThanOrEqual":"12.0.33","versionType":"semver"},{"status":"affected","version":"11.0.0","lessThanOrEqual":"11.0.28","versionType":"semver"},{"status":"affected","version":"10.0.0","lessThanOrEqual":"10.0.28","versionType":"semver"},{"status":"affected","version":"9.4.0","lessThanOrEqual":"9.4.60","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>In Eclipse Jetty, the class <code>JASPIAuthenticator</code> initiates the authentication checks, which set two <code>ThreadLocal</code> variable.</p>\n<p>Upon returning from the initial checks, there are conditions that cause an early return from the <code>JASPIAuthenticator</code> code without clearing those <code>ThreadLocal</code>s.</p>\n<p>A subsequent request using the same thread inherits the <code>ThreadLocal</code> values, leading to a broken access control and privilege escalation.</p>\n\n<p></p>"}]}],"references":[{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"},{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseSeverity":"HIGH","baseScore":7.4,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}],"credits":[{"lang":"en","value":"https://github.com/HRsGIT","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-08T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-5795"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-09T03:56:11.784Z"}},{"affected":[{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4.4::el9"],"defaultStatus":"affected","product":"HawtIO HawtIO 4.4.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:offline_knowledge_portal:1.2::el9"],"defaultStatus":"affected","product":"Red Hat Offline Knowledge Portal 1.2.7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3"],"defaultStatus":"affected","product":"streams for Apache Kafka 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"unaffected","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"}],"datePublic":"2026-04-08T13:32:28.935Z","descriptions":[{"lang":"en","value":"A flaw was found in Eclipse Jetty. The `JASPIAuthenticator` class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly clearing the ThreadLocal variables, allowing a subsequent request to inherit the un-cleared ThreadLocal values. This issue can cause broken access control, authentication bypass, privilege escalation and data breaches."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-226","description":"Sensitive Information in Resource Not Removed Before Reuse","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-5795"},{"name":"RHBZ#2456519","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456519"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5795.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28573"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17668"}],"solutions":[{"lang":"en","value":"RHSA-2026:25089: HawtIO HawtIO 4.4.0"},{"lang":"en","value":"RHSA-2026:28573: Red Hat Offline Knowledge Portal 1.2.7"},{"lang":"en","value":"RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14"}],"timeline":[{"lang":"en","time":"2026-04-08T14:01:02.911Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-08T13:32:28.935Z","value":"Made public."}],"title":"org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables","workarounds":[{"lang":"en","value":"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-02T12:04:46.169Z"}}]}}