Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-8384

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker (only resolved resources are served). However, web applications that rely on resolved paths being provided by Jetty may be confused when receiving an unresolved path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 9.0%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-8384
  • Eclipse » Jetty » Version: 12.0.0
    cpe:2.3:a:eclipse:jetty:12.0.0
  • Eclipse » Jetty » Version: 12.0.1
    cpe:2.3:a:eclipse:jetty:12.0.1
  • Eclipse » Jetty » Version: 12.0.10
    cpe:2.3:a:eclipse:jetty:12.0.10
  • Eclipse » Jetty » Version: 12.0.11
    cpe:2.3:a:eclipse:jetty:12.0.11
  • Eclipse » Jetty » Version: 12.0.12
    cpe:2.3:a:eclipse:jetty:12.0.12
  • Eclipse » Jetty » Version: 12.0.13
    cpe:2.3:a:eclipse:jetty:12.0.13
  • Eclipse » Jetty » Version: 12.0.14
    cpe:2.3:a:eclipse:jetty:12.0.14
  • Eclipse » Jetty » Version: 12.0.15
    cpe:2.3:a:eclipse:jetty:12.0.15
  • Eclipse » Jetty » Version: 12.0.16
    cpe:2.3:a:eclipse:jetty:12.0.16
  • Eclipse » Jetty » Version: 12.0.17
    cpe:2.3:a:eclipse:jetty:12.0.17
  • Eclipse » Jetty » Version: 12.0.18
    cpe:2.3:a:eclipse:jetty:12.0.18
  • Eclipse » Jetty » Version: 12.0.19
    cpe:2.3:a:eclipse:jetty:12.0.19
  • Eclipse » Jetty » Version: 12.0.2
    cpe:2.3:a:eclipse:jetty:12.0.2
  • Eclipse » Jetty » Version: 12.0.20
    cpe:2.3:a:eclipse:jetty:12.0.20
  • Eclipse » Jetty » Version: 12.0.21
    cpe:2.3:a:eclipse:jetty:12.0.21
  • Eclipse » Jetty » Version: 12.0.22
    cpe:2.3:a:eclipse:jetty:12.0.22
  • Eclipse » Jetty » Version: 12.0.23
    cpe:2.3:a:eclipse:jetty:12.0.23
  • Eclipse » Jetty » Version: 12.0.24
    cpe:2.3:a:eclipse:jetty:12.0.24
  • Eclipse » Jetty » Version: 12.0.25
    cpe:2.3:a:eclipse:jetty:12.0.25
  • Eclipse » Jetty » Version: 12.0.26
    cpe:2.3:a:eclipse:jetty:12.0.26
  • Eclipse » Jetty » Version: 12.0.27
    cpe:2.3:a:eclipse:jetty:12.0.27
  • Eclipse » Jetty » Version: 12.0.28
    cpe:2.3:a:eclipse:jetty:12.0.28
  • Eclipse » Jetty » Version: 12.0.29
    cpe:2.3:a:eclipse:jetty:12.0.29
  • Eclipse » Jetty » Version: 12.0.3
    cpe:2.3:a:eclipse:jetty:12.0.3
  • Eclipse » Jetty » Version: 12.0.30
    cpe:2.3:a:eclipse:jetty:12.0.30
  • Eclipse » Jetty » Version: 12.0.31
    cpe:2.3:a:eclipse:jetty:12.0.31
  • Eclipse » Jetty » Version: 12.0.32
    cpe:2.3:a:eclipse:jetty:12.0.32
  • Eclipse » Jetty » Version: 12.0.33
    cpe:2.3:a:eclipse:jetty:12.0.33
  • Eclipse » Jetty » Version: 12.0.34
    cpe:2.3:a:eclipse:jetty:12.0.34
  • Eclipse » Jetty » Version: 12.0.4
    cpe:2.3:a:eclipse:jetty:12.0.4
  • Eclipse » Jetty » Version: 12.0.5
    cpe:2.3:a:eclipse:jetty:12.0.5
  • Eclipse » Jetty » Version: 12.0.6
    cpe:2.3:a:eclipse:jetty:12.0.6
  • Eclipse » Jetty » Version: 12.0.7
    cpe:2.3:a:eclipse:jetty:12.0.7
  • Eclipse » Jetty » Version: 12.0.8
    cpe:2.3:a:eclipse:jetty:12.0.8
  • Eclipse » Jetty » Version: 12.0.9
    cpe:2.3:a:eclipse:jetty:12.0.9
  • Eclipse » Jetty » Version: 12.1.0
    cpe:2.3:a:eclipse:jetty:12.1.0
  • Eclipse » Jetty » Version: 12.1.1
    cpe:2.3:a:eclipse:jetty:12.1.1
  • Eclipse » Jetty » Version: 12.1.2
    cpe:2.3:a:eclipse:jetty:12.1.2
  • Eclipse » Jetty » Version: 12.1.3
    cpe:2.3:a:eclipse:jetty:12.1.3
  • Eclipse » Jetty » Version: 12.1.4
    cpe:2.3:a:eclipse:jetty:12.1.4
  • Eclipse » Jetty » Version: 12.1.5
    cpe:2.3:a:eclipse:jetty:12.1.5
  • Eclipse » Jetty » Version: 12.1.6
    cpe:2.3:a:eclipse:jetty:12.1.6
  • Eclipse » Jetty » Version: 12.1.7
    cpe:2.3:a:eclipse:jetty:12.1.7
  • Eclipse » Jetty » Version: 12.1.8
    cpe:2.3:a:eclipse:jetty:12.1.8


Contact Us

Shodan ® - All rights reserved