<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-5795 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-5795/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-5795/feed.xml" rel="self" type="application/rss+xml"/><item><title>Eclipse Jetty JASPIAuthenticator ThreadLocal Privilege Escalation (CVE-2026-5795)</title><link>https://feed.craftedsignal.io/briefs/2024-01-jetty-privesc/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-jetty-privesc/</guid><description>Eclipse Jetty is vulnerable to broken access control and privilege escalation due to improper handling of ThreadLocal variables within the JASPIAuthenticator, potentially leading to unauthorized access.</description><content:encoded><![CDATA[<p>CVE-2026-5795 describes a vulnerability in Eclipse Jetty related to improper handling of ThreadLocal variables within the <code>JASPIAuthenticator</code> class. When initiating authentication checks, the <code>JASPIAuthenticator</code> sets two ThreadLocal variables. Under specific conditions, the code prematurely returns without clearing these ThreadLocal variables. As a result, a subsequent request processed by the same thread inherits these ThreadLocal values from the previous request, leading to broken access control and privilege escalation. This vulnerability could allow an attacker to gain unauthorized access or elevated privileges within the Jetty application.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated user sends an initial request to the Jetty server.</li>
<li>The <code>JASPIAuthenticator</code> class initiates authentication checks for the request.</li>
<li>The <code>JASPIAuthenticator</code> sets ThreadLocal variables to store authentication-related data.</li>
<li>Due to specific conditions (e.g., an error or incomplete authentication), the <code>JASPIAuthenticator</code> returns early without clearing the ThreadLocal variables.</li>
<li>A subsequent request from a different user (or even the same user) is processed by the same thread.</li>
<li>The <code>JASPIAuthenticator</code> reuses the thread, inheriting the stale ThreadLocal values from the previous request.</li>
<li>The inherited ThreadLocal values bypass or alter the authentication checks, granting the subsequent request unauthorized access.</li>
<li>The attacker gains elevated privileges or access to sensitive data due to the broken access control.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of this vulnerability (CVE-2026-5795) results in broken access control and privilege escalation within the Eclipse Jetty server. An attacker could potentially gain unauthorized access to sensitive resources, perform actions on behalf of other users, or elevate their privileges to an administrative level. The exact impact depends on the specific configuration of the Jetty server and the resources it protects.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the patch or upgrade to a version of Eclipse Jetty that addresses CVE-2026-5795 to remediate the vulnerability.</li>
<li>Monitor web server logs for anomalies related to authentication, particularly around the <code>JASPIAuthenticator</code> class, to detect potential exploitation attempts.</li>
<li>Implement robust authentication and authorization mechanisms in your Jetty applications to minimize the impact of potential access control bypasses.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>privilege escalation</category><category>webserver</category><category>cve-2026-5795</category></item></channel></rss>