← Back
2026-05-06 9:55CVE-2026-6860eclipse
PUBLISHED5.2

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Affected products

Eclipse Foundation

Eclipse Vert.x

<= 4.5.26 - AFFECTED

<= 5.0.11 - AFFECTED

References

gitlab.eclipse.org

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381

github.com

https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6

github.com

https://github.com/eclipse-vertx/vert.x/pull/6102

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-6860
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-6860",
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "dateUpdated": "2026-05-06T09:55:12.531Z",
    "dateReserved": "2026-04-22T13:02:37.222Z",
    "datePublished": "2026-05-06T09:55:12.531Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse",
        "dateUpdated": "2026-05-06T09:55:12.531Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Eclipse Foundation",
          "product": "Eclipse Vert.x",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "4.3.4",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "4.5.26"
            },
            {
              "version": "5.0.0",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "5.0.11"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6"
        },
        {
          "url": "https://github.com/eclipse-vertx/vert.x/pull/6102"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jihun Kim",
          "type": "finder"
        }
      ]
    }
  }
}