{"id":"CVE-2026-2332","summary":"HTTP Request Smuggling via Chunked Extension Quoted-String Parsing","details":"In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the \"funky chunks\" techniques outlined here:\n  *  https://w4ke.info/2025/06/18/funky-chunks.html\n\n  *  https://w4ke.info/2025/10/29/funky-chunks-2.html\n\n\nJetty terminates chunk extension parsing at \\r\\n inside quoted strings instead of treating this as an error.\n\n\nPOST / HTTP/1.1\nHost: localhost\nTransfer-Encoding: chunked\n\n1;ext=\"val\nX\n0\n\nGET /smuggled HTTP/1.1\n...\n\n\n\n\n\nNote how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.","aliases":["GHSA-355h-qmc2-wpwf"],"modified":"2026-05-28T03:52:47.092885447Z","published":"2026-04-14T10:59:10.193Z","related":["CGA-5h9p-26x9-27gj","SUSE-SU-2026:1751-1","openSUSE-SU-2026:10574-1"],"database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"11.0.0"},{"last_affected":"11.0.27"},{"introduced":"10.0.0"},{"last_affected":"10.0.27"},{"introduced":"9.4.0"},{"last_affected":"9.4.59"}]}],"cna_assigner":"eclipse","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2332.json","cwe_ids":["CWE-444"]},"references":[{"type":"WEB","url":"https://repo.maven.apache.org/maven2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2332.json"},{"type":"ADVISORY","url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2332"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/89"},{"type":"PACKAGE","url":"https://github.com/jetty/jetty.project"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jetty/jetty.project","events":[{"introduced":"28100e8da711e44c0722ed10bd413ae862497539"},{"fixed":"8e2e9db9edceef93d37a63814ed06b921eb7f23d"}]}],"versions":["jetty-12.1.5","jetty-12.1.4","jetty-12.1.2","jetty-12.1.0.beta1","jetty-12.0.6","jetty-12.0.5","jetty-12.0.0x"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-2332.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}