CVE-2026-6860
medium
CVSS v3
5.3
CVSS v2
—
VIR risk
5.3
Description
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
Predictions
Exploit likelihood
63%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: emo@eclipse.org — https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6
Vendor advisory: emo@eclipse.org — https://github.com/eclipse-vertx/vert.x/pull/6102
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | io.vertx:vertx-core | >=4.3.4,<=4.3.8 | |
| Maven | io.vertx:vertx-core | >=4.4.0,<=4.4.9 | |
| Maven | io.vertx:vertx-core | >=4.5.0,<=4.5.25 | |
| Maven | io.vertx:vertx-core | >=5.0.0,<=5.0.8 | |
| MAVEN | io.vertx:vertx-core | >= 5.0.0, <= 5.0.8 | |
| MAVEN | io.vertx:vertx-core | >= 4.5.0, <= 4.5.25 | |
| MAVEN | io.vertx:vertx-core | >= 4.4.0, <= 4.4.9 | |
| MAVEN | io.vertx:vertx-core | >= 4.3.4, <= 4.3.8 | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| eclipse | vert.x | {"startIncluding":"4.3.4","endIncluding":"4.5.26"} | |
References
- https://github.com/eclipse-vertx/vert.x/pull/6102
- https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381
- https://nvd.nist.gov/vuln/detail/CVE-2026-6860
- https://github.com/eclipse-vertx/vert.x
- https://github.com/advisories/GHSA-3g76-f9xq-8vp6
CWEs
CWE-770 CWE-295
Verify integrity in audit chain (admin only). AS-IS.