{"api_version":"1","generated_at":"2026-04-17T08:44:27+00:00","cve":"CVE-2026-5795","urls":{"html":"https://cve.report/CVE-2026-5795","api":"https://cve.report/api/cve/CVE-2026-5795.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-5795","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-5795"},"summary":{"title":"CVE-2026-5795","description":"In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.","state":"PUBLISHED","assigner":"eclipse","published_at":"2026-04-08 14:16:32","updated_at":"2026-04-08 21:26:13"},"problem_types":["CWE-226","CWE-287","CWE-226 CWE-226 Sensitive information in resource not removed before reuse","CWE-287 CWE-287 Improper Authentication"],"metrics":[{"version":"3.1","source":"emo@eclipse.org","type":"Secondary","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/92","name":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/92","refsource":"emo@eclipse.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://","name":"https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://","refsource":"emo@eclipse.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-5795","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5795","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Jetty","version":"affected 12.1.0 12.1.7 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Jetty","version":"affected 12.0.0 12.0.33 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Jetty","version":"affected 11.0.0 11.0.28 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Jetty","version":"affected 10.0.0 10.0.28 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Jetty","version":"affected 9.4.0 9.4.60 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"https://github.com/HRsGIT","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"5795","cve":"CVE-2026-5795","epss":"0.000200000","percentile":"0.054130000","score_date":"2026-04-14","updated_at":"2026-04-15 00:18:08"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-5795","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-08T16:01:55.551503Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-08T16:02:03.590Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Eclipse Jetty","repo":"https://github.com/jetty/jetty.project","vendor":"Eclipse Foundation","versions":[{"lessThanOrEqual":"12.1.7","status":"affected","version":"12.1.0","versionType":"semver"},{"lessThanOrEqual":"12.0.33","status":"affected","version":"12.0.0","versionType":"semver"},{"lessThanOrEqual":"11.0.28","status":"affected","version":"11.0.0","versionType":"semver"},{"lessThanOrEqual":"10.0.28","status":"affected","version":"10.0.0","versionType":"semver"},{"lessThanOrEqual":"9.4.60","status":"affected","version":"9.4.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"https://github.com/HRsGIT"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>In Eclipse Jetty, the class <code>JASPIAuthenticator</code> initiates the authentication checks, which set two <code>ThreadLocal</code> variable.</p>\n<p>Upon returning from the initial checks, there are conditions that cause an early return from the <code>JASPIAuthenticator</code> code without clearing those <code>ThreadLocal</code>s.</p>\n<p>A subsequent request using the same thread inherits the <code>ThreadLocal</code> values, leading to a broken access control and privilege escalation.</p>\n\n<p></p>"}],"value":"In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-226","description":"CWE-226 Sensitive information in resource not removed before reuse","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-287","description":"CWE-287 Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T13:32:28.935Z","orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse"},"references":[{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436chttps://"},{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/92"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","assignerShortName":"eclipse","cveId":"CVE-2026-5795","datePublished":"2026-04-08T13:32:28.935Z","dateReserved":"2026-04-08T13:21:06.990Z","dateUpdated":"2026-04-08T16:02:03.590Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-08 14:16:32","lastModifiedDate":"2026-04-08 21:26:13","problem_types":["CWE-226","CWE-287","CWE-226 CWE-226 Sensitive information in resource not removed before reuse","CWE-287 CWE-287 Improper Authentication"],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"5795","Ordinal":"1","Title":"CVE-2026-5795","CVE":"CVE-2026-5795","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"5795","Ordinal":"1","NoteData":"In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable.\n\n\nUpon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals.\n\n\nA subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation.","Type":"Description","Title":"CVE-2026-5795"}]}}}