Eclipse Vulnerabilities
Comprehensive security vulnerability database for Eclipse products
2
0
2
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-1605 | 7.5 | This vulnerability allows an attacker to cause a memory leak on servers using specific versions of Eclipse Jetty by sending a compressed HTTP request that isn't met with a compressed response. For this to happen, the server must be configured to handle gzip-encoded requests, but fail to respond with gzip-encoded data. | eclipsejetty | Exploit Available | about 1 month agoMar 5, 2026 |
| CVE-2025-11143 | 6.5 | This vulnerability allows an attacker to potentially bypass security measures by exploiting differences in how various components of a system interpret unusual web addresses (URIs). If different parts of the system use different rules for these URIs, it could lead to unauthorized access or reveal sensitive information about the system's setup. | eclipsejetty | Exploit Available | about 1 month agoMar 5, 2026 |
About Eclipse Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Eclipse products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.