TLS SNI Wildcard Enumeration via TCP Client in Eclipse
CVE-2026-6860 Published on May 6, 2026
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
Products Associated with CVE-2026-6860
Want to know whenever a new CVE is published for Eclipse Vert X? stack.watch will email you.
Affected Versions
Eclipse Foundation Eclipse Vert.x:- Version 4.3.4, <= 4.5.26 is affected.
- Version 5.0.0, <= 5.0.11 is affected.