Jetty
This hub aggregates every CVE we track for Jetty, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 69
- Critical: 4
- High: 22
- In CISA KEV: 1
Severity distribution
- MEDIUM: 34
- HIGH: 22
- LOW: 9
- CRITICAL: 4
Monthly trend
Chart covering 2024-08 to 2026-07; values in the order extracted: 0, 0, 4, 0, 0, 0, 0, 0, 0, 2, 0, 0, 1, 0, 0, 0, 0, 0, 0, 2, 2, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Jetty.
- CVE-2026-2332: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing (7.4)
- CVE-2026-5795: In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that cause an ... (7.4)
- CVE-2026-1605: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the correspondin... (7.5)
- CVE-2025-11143: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in secur... (3.7)
- CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (7.5)
- CVE-2025-1948: Eclipse Jetty HTTP clients can increase memory allocation (7.5)
- CVE-2024-13009: Eclipse Jetty GZIP buffer release (7.2)
- CVE-2024-8184: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (5.9)
- CVE-2024-6762: Jetty PushSessionCacheFilter can cause remote DoS attacks (3.1)
- CVE-2024-6763: Jetty URI parsing of invalid authority (3.7)
- CVE-2024-9823: Jetty DOS vulnerability on DosFilter (5.3)
- CVE-2024-22201: Jetty connection leaking on idle timeout when TCP congested (7.5)
- CVE-2023-36478: HTTP/2 HPACK integer overflow and buffer allocation (7.5)
- CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (KEV, 7.5)
- CVE-2023-41900: Jetty's OpenId Revoked authentication allows one request (3.5)
Product normalization is registry-driven with AI assist and human review.