Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21 matches found

RedHat Linux
RedHat Linuxadded 6 days ago7 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2026/05/26 1:50 a.m.11 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2026/05/14 4:55 p.m.2 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2026/05/14 4:55 p.m.2 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.7AI score0.00028EPSS
Exploits1References8
RedHat Linux
RedHat Linuxadded 2026/05/06 5:58 p.m.5 views

org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2026/04/16 3:32 p.m.7 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.00028EPSS
Exploits1References8
SUSE CVE
SUSE CVEadded 2026/04/15 8:35 a.m.2 views

SUSE CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS5.8AI score0.00021EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2026/04/14 5:20 p.m.2 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.00028EPSS
Exploits1References8
Vulnrichment
Vulnrichmentadded 2026/04/14 10:59 a.m.1 views

CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS5.8AI score0.00021EPSS
Exploits1References2
CVE
CVEadded 2026/04/14 10:59 a.m.73 views

CVE-2026-2332

In the provided records, CVE-2026-2332 is a Jetty HTTP/1.1 parser vulnerability allowing request smuggling via chunked extension quoted-strings. The issue arises when chunk extensions are parsed and a CRLF occurs inside quotes, enabling a smuggled request across requests on a single connection. D...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/04/14 10:59 a.m.24 views

CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS0.00021EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/04/14 12:0 a.m.5 views

Eclipse Jetty 环境问题漏洞

Eclipse Jetty is an open-source Java-based web server and Java Servlet container developed by the Eclipse Foundation. Eclipse Jetty has a vulnerability related to environmental issues, which stems from the HTTP/1.1 parser’s request interception vulnerability when using chunked extensions...

9.1CVSS5.8AI score0.00021EPSS
Exploits1References2
NVD
NVDadded 2026/03/27 8:16 p.m.1 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS0.00028EPSS
Exploits1References4
OSV
OSVadded 2026/03/27 8:16 p.m.2 views

UBUNTU-CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.00028EPSS
Exploits1References6
CVE
CVEadded 2026/03/27 7:54 p.m.360 views

CVE-2026-33870

Netty HTTP request smuggling vulnerability (CVE-2026-33870) arises from how Netty versions prior to 4.1.132.Final and 4.2.10.Final parse quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. The IBM and OSS/Ecosystem advisories in the connected...

7.5CVSS5.8AI score0.00028EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/03/27 7:54 p.m.21 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS0.00028EPSS
Exploits1References4
Debian CVE
Debian CVEadded 2026/03/27 7:54 p.m.4 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS8.2AI score0.00028EPSS
Exploits1
OSV
OSVadded 2026/03/27 7:54 p.m.8 views

CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.9AI score0.00028EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2026/03/26 6:48 p.m.19 views

Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Summary Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Background This vulnerability is a new variant discovered during research into the "Funky Chunks" HTTP request smuggling techniques: - - The original researc...

7.5CVSS6AI score0.00028EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blogadded 2022/04/04 9:29 p.m.28 views

Inconsistent Interpretation of HTTP Requests in twisted.web

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230: 1. The Content-Length header value could have a + or - prefix. 2. Illegal characters were permitted in chunked extensions, such as the LF \n...

8.1CVSS8.3AI score0.01107EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder