{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2332", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2026-02-11T09:56:25.879Z", "datePublished": "2026-04-14T10:59:10.193Z", "dateUpdated": "2026-04-14T13:14:16.734Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-14T10:59:10.193Z"}, "title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-444", "description": "CWE-444 Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')", "type": "CWE"}]}], "affected": [{"vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "collectionURL": "https://repo.maven.apache.org/maven2", "packageName": "pkg://maven/org.eclipse.jetty/jetty-http", "repo": "https://github.com/jetty/jetty.project", "versions": [{"status": "affected", "version": "12.1.0", "lessThanOrEqual": "12.1.6", "versionType": "semver"}, {"status": "affected", "version": "12.0.0", "lessThanOrEqual": "12.0.32", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThanOrEqual": "11.0.27", "versionType": "semver"}, {"status": "affected", "version": "10.0.0", "lessThanOrEqual": "10.0.27", "versionType": "semver"}, {"status": "affected", "version": "9.4.0", "lessThanOrEqual": "9.4.59", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:<br><ul><li><span>https://w4ke.info/2025/06/18/funky-chunks.html</span><br></li><li><span>https://w4ke.info/2025/10/29/funky-chunks-2.html</span></li></ul>Jetty terminates chunk extension parsing at&nbsp;<code>\\r\\n</code>&nbsp;inside quoted strings instead of treating this as an error.<br><br>\n<pre>POST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n</pre>\n\n<div><br>Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.<br></div>"}]}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89", "tags": ["issue-tracking"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "credits": [{"lang": "en", "value": "https://github.com/xclow3n", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2332", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T13:06:34.622366Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:14:16.734Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2332", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T13:06:34.622366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T13:08:48.379Z"}}], "cna": {"title": "HTTP Request Smuggling via Chunked Extension Quoted-String Parsing", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "https://github.com/xclow3n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/jetty/jetty.project", "vendor": "Eclipse Foundation", "product": "Eclipse Jetty", "versions": [{"status": "affected", "version": "12.1.0", "versionType": "semver", "lessThanOrEqual": "12.1.6"}, {"status": "affected", "version": "12.0.0", "versionType": "semver", "lessThanOrEqual": "12.0.32"}, {"status": "affected", "version": "11.0.0", "versionType": "semver", "lessThanOrEqual": "11.0.27"}, {"status": "affected", "version": "10.0.0", "versionType": "semver", "lessThanOrEqual": "10.0.27"}, {"status": "affected", "version": "9.4.0", "versionType": "semver", "lessThanOrEqual": "9.4.59"}], "packageName": "pkg://maven/org.eclipse.jetty/jetty-http", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf", "tags": ["third-party-advisory"]}, {"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89", "tags": ["issue-tracking"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.", "supportingMedia": [{"type": "text/html", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:<br><ul><li><span>https://w4ke.info/2025/06/18/funky-chunks.html</span><br></li><li><span>https://w4ke.info/2025/10/29/funky-chunks-2.html</span></li></ul>Jetty terminates chunk extension parsing at&nbsp;<code>\\r\\n</code>&nbsp;inside quoted strings instead of treating this as an error.<br><br>\n<pre>POST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n</pre>\n\n<div><br>Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-04-14T10:59:10.193Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2332", "state": "PUBLISHED", "dateUpdated": "2026-04-14T13:14:16.734Z", "dateReserved": "2026-02-11T09:56:25.879Z", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "datePublished": "2026-04-14T10:59:10.193Z", "assignerShortName": "eclipse"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n * https://w4ke.info/2025/06/18/funky-chunks.html\n\n * https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at\u00a0\\r\\n\u00a0inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request."}], "id": "CVE-2026-2332", "lastModified": "2026-04-14T12:16:21.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2026-04-14T12:16:21.333", "references": [{"source": "emo@eclipse.org", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"}, {"source": "emo@eclipse.org", "url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "emo@eclipse.org", "type": "Primary"}]}

{}

{}