CVE-2026-1605: The Eclipse Jetty Server Artifact has a Gzip request memory leak

March 5, 2026

The leak causes the JVM to crash with OOME.

References

github.com/advisories/GHSA-xxh7-fcf3-rj7f
github.com/jetty/jetty.project
github.com/jetty/jetty.project/issues/14260
github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f
gitlab.eclipse.org/security/cve-assignment/-/issues/79
nvd.nist.gov/vuln/detail/CVE-2026-1605

Code Behaviors & Features

Detect and mitigate CVE-2026-1605 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →