CVE-2026-5795: Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially not clear ThreadLocal variables
An unauthenticated user may gain ungranted privileges from a previous request (privilege escalation).
References
- github.com/advisories/GHSA-r7p8-xq5m-436c
- github.com/jetty/jetty.project
- github.com/jetty/jetty.project/security/advisories/GHSA-r7p8-xq5m-436c
- github.com/user-attachments/files/26118760/JaspiAuthenticator_Security_Report.pdf
- gitlab.eclipse.org/security/cve-assignment/-/issues/92
- nvd.nist.gov/vuln/detail/CVE-2026-5795