{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5795/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-5795"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Jetty"],"_cs_severities":["high"],"_cs_tags":["privilege escalation","webserver","cve-2026-5795"],"_cs_type":"advisory","_cs_vendors":["Eclipse"],"content_html":"\u003cp\u003eCVE-2026-5795 describes a vulnerability in Eclipse Jetty related to improper handling of ThreadLocal variables within the \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e class. When initiating authentication checks, the \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e sets two ThreadLocal variables. Under specific conditions, the code prematurely returns without clearing these ThreadLocal variables. As a result, a subsequent request processed by the same thread inherits these ThreadLocal values from the previous request, leading to broken access control and privilege escalation. This vulnerability could allow an attacker to gain unauthorized access or elevated privileges within the Jetty application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated user sends an initial request to the Jetty server.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e class initiates authentication checks for the request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e sets ThreadLocal variables to store authentication-related data.\u003c/li\u003e\n\u003cli\u003eDue to specific conditions (e.g., an error or incomplete authentication), the \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e returns early without clearing the ThreadLocal variables.\u003c/li\u003e\n\u003cli\u003eA subsequent request from a different user (or even the same user) is processed by the same thread.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e reuses the thread, inheriting the stale ThreadLocal values from the previous request.\u003c/li\u003e\n\u003cli\u003eThe inherited ThreadLocal values bypass or alter the authentication checks, granting the subsequent request unauthorized access.\u003c/li\u003e\n\u003cli\u003eThe attacker gains elevated privileges or access to sensitive data due to the broken access control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-5795) results in broken access control and privilege escalation within the Eclipse Jetty server. An attacker could potentially gain unauthorized access to sensitive resources, perform actions on behalf of other users, or elevate their privileges to an administrative level. The exact impact depends on the specific configuration of the Jetty server and the resources it protects.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a version of Eclipse Jetty that addresses CVE-2026-5795 to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for anomalies related to authentication, particularly around the \u003ccode\u003eJASPIAuthenticator\u003c/code\u003e class, to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement robust authentication and authorization mechanisms in your Jetty applications to minimize the impact of potential access control bypasses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-jetty-privesc/","summary":"Eclipse Jetty is vulnerable to broken access control and privilege escalation due to improper handling of ThreadLocal variables within the JASPIAuthenticator, potentially leading to unauthorized access.","title":"Eclipse Jetty JASPIAuthenticator ThreadLocal Privilege Escalation (CVE-2026-5795)","url":"https://feed.craftedsignal.io/briefs/2024-01-jetty-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-5795","version":"https://jsonfeed.org/version/1.1"}