PatchSiren

Eclipse CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Eclipse CVE published 2026-03-05

CVE-2026-1605

CVE-2026-1605 is a high-severity vulnerability in Eclipse Jetty, specifically affecting the GzipHandler component. The vulnerability occurs when a compressed HTTP request with Content-Encoding: gzip is processed, and the corresponding response is not compressed. This causes a resource leak because the JDK Inflater is allocated for decompression but not released, as the release mechanism is tied to the com [truncated]