CVE-2026-6860

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Vendor	eclipse foundation
Product	eclipse vert.x
Published	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for eclipse foundation eclipse vert.x

Be the first to know when new unknown vulnerabilities affecting eclipse foundation eclipse vert.x are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Eclipse Foundation / Eclipse Vert.x

4.3.4 ≤ 4.5.26 5.0.0 ≤ 5.0.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gitlab.eclipse.org: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381 github.com: https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6 github.com: https://github.com/eclipse-vertx/vert.x/pull/6102

Credits

Jihun Kim