2
0
2
0
Vulnerability Timeline
2 vulnerabilities discovered over time for Jetty
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-1605 | 7.5 | This vulnerability allows an attacker to cause a memory leak on servers using specific versions of Eclipse Jetty by sending a compressed HTTP request that isn't met with a compressed response. For this to happen, the server must be configured to handle gzip-encoded requests, but fail to respond with gzip-encoded data. | eclipsejetty | Exploit Available | about 1 month agoMar 5, 2026 |
| CVE-2025-11143 | 6.5 | This vulnerability allows an attacker to potentially bypass security measures by exploiting differences in how various components of a system interpret unusual web addresses (URIs). If different parts of the system use different rules for these URIs, it could lead to unauthorized access or reveal sensitive information about the system's setup. | eclipsejetty | Exploit Available | about 1 month agoMar 5, 2026 |
About Eclipse Jetty Security
This page provides comprehensive security vulnerability tracking for Eclipse Jetty. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Jetty updated to the latest version
- • Subscribe to security advisories from Eclipse
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately