๐Ÿ” CVE Alert

CVE-2026-15075

UNKNOWN 0.0
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In Eclipse Vert.x versions up to and including 4.5.29 (4.x branch) and 5.1.4 (5.x branch), DefaultRedirectHandler (vertx-core) propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison (scheme, host, port) is performed before copying headers to the redirect target. As a result, credential headers, including Authorization, Cookie, Proxy-Authorization, and arbitrary custom headers such as X-API-Token, are forwarded to the redirect destination without the caller's knowledge. An attacker who can cause a Vert.x HttpClient to issue a request that is redirected to an attacker-controlled host (for example, by supplying a URL to a webhook dispatcher, image proxy, or microservice URL fetcher) can capture bearer tokens, basic-auth credentials, session cookies, and API keys attached to the original request.

CWE CWE-200 CWE-346
Vendor eclipse foundation
Product eclipse vert.x
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for eclipse foundation eclipse vert.x

Be the first to know when new unknown vulnerabilities affecting eclipse foundation eclipse vert.x are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Eclipse Foundation / Eclipse Vert.x
4.0.0 โ‰ค 4.5.29 5.0.0 โ‰ค 5.1.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
gitlab.eclipse.org: https://gitlab.eclipse.org/security/cve-assignment/-/work_items/161