In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding: chunked 1;ext="val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double quotes, and it is able to inject a smuggled request.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory.

    JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables     efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain     enables developers and administrators to collect and analyze data from Java applications running locally     or deployed in production environments.

    Security Fix(es):

    * lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)

    * org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing     (CVE-2026-2332)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1751-1 advisory.

    - CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk     extensions are used, similar to the 'funky chunks' techniques (bsc#1262115).
    - CVE-2026-5795: Fixed JaspiAuthenticator broken access control (bsc#1261997).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used,     similar to the funky chunks techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html *     https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing at \r\n inside     quoted strings instead of treating this as an error. POST / HTTP/1.1 Host: localhost Transfer-Encoding:
    chunked 1;ext=val X 0 GET /smuggled HTTP/1.1 ... Note how the chunk extension does not close the double     quotes, and it is able to inject a smuggled request. (CVE-2026-2332)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
317002	RHEL 9 : jmc (RHSA-2026:20568)	Nessus	Red Hat Local Security Checks	high
313660	SUSE SLED15 / SLES15 Security Update : jetty-minimal (SUSE-SU-2026:1751-1)	Nessus	SuSE Local Security Checks	critical
306471	Linux Distros Unpatched Vulnerability : CVE-2026-2332	Nessus	Misc.	critical

Detections

Analytics

CVE-2026-2332

critical

Tenable Plugins

high

critical

critical