Medium severity 5.3 · NVD Advisory · Published May 6, 2026 · Updated May 12, 2026
CVE-2026-6860
Description
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any xyz.example.com, where xyz is a valid name, can be used.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.vertx:vertx-core (Maven) | >= 4.3.4, <= 4.3.8 | — |
| io.vertx:vertx-core (Maven) | >= 4.4.0, <= 4.4.9 | — |
| io.vertx:vertx-core (Maven) | >= 4.5.0, < 4.5.27 | 4.5.27 |
| io.vertx:vertx-core (Maven) | >= 5.0.0, < 5.0.12 | 5.0.12 |
Affected products
48 · osv-coords (46 versions). No CPE is listed for any entry.

| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/apache-camel-karavan-devmode | < 4.14.2-r8 |
| pkg:apk/chainguard/apache-pulsar-4.0 | < 4.0.10-r0 |
| pkg:apk/chainguard/apache-pulsar-4.1 | < 4.1.3-r11 |
| pkg:apk/chainguard/apache-pulsar-4.2 | < 4.2.2-r0 |
| pkg:apk/chainguard/apache-pulsar-fips-4.0 | < 4.0.11-r0 |
| pkg:apk/chainguard/apache-pulsar-fips-4.2 | < 4.2.1-r2 |
| pkg:apk/chainguard/apicurio-registry | < 3.2.4-r1 |
| pkg:apk/chainguard/kafka-bridge | < 1.0.0-r3 |
| pkg:apk/chainguard/keycloak-26.6 | < 26.6.1-r5 |
| pkg:apk/chainguard/keycloak-26.6-iamguarded-compat | < 26.6.1-r5 |
| pkg:apk/chainguard/keycloak-26.6-operator | < 26.6.1-r5 |
| pkg:apk/chainguard/keycloak-fips-26.6 | < 26.6.2-r0 |
| pkg:apk/chainguard/keycloak-fips-26.6-iamguarded-fips | < 26.6.2-r0 |
| pkg:apk/chainguard/keycloak-fips-26.6-operator | < 26.6.2-r0 |
| pkg:apk/chainguard/knative-kafka-broker-1.20-dispatcher-loom | < 1.20.3-r6 |
| pkg:apk/chainguard/knative-kafka-broker-1.20-receiver-loom | < 1.20.3-r6 |
| pkg:apk/chainguard/knative-kafka-broker-1.21-dispatcher-loom | < 1.21.4-r5 |
| pkg:apk/chainguard/knative-kafka-broker-1.21-receiver-loom | < 1.21.4-r5 |
| pkg:apk/chainguard/knative-kafka-broker-1.22-dispatcher-loom | < 1.22.1-r7 |
| pkg:apk/chainguard/knative-kafka-broker-1.22-receiver-loom | < 1.22.1-r7 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.20-dispatcher-loom | < 1.20.3-r6 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.20-receiver-loom | < 1.20.3-r6 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.21-dispatcher-loom | < 1.21.3-r10 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.21-receiver-loom | < 1.21.3-r10 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.22-dispatcher-loom | < 1.22.1-r5 |
| pkg:apk/chainguard/knative-kafka-broker-fips-1.22-receiver-loom | < 1.22.1-r5 |
| pkg:apk/chainguard/request-9047-keycloak-fips-26.5 | < 26.5.7-r3 |
| pkg:apk/chainguard/request-9047-keycloak-fips-26.5-iamguarded-fips | < 26.5.7-r3 |
| pkg:apk/chainguard/request-9047-keycloak-fips-26.5-operator | < 26.5.7-r3 |
| pkg:apk/chainguard/spark-4.0-scala-2.13 | < 4.0.2-r11 |
| pkg:apk/chainguard/spark-4.1-scala-2.13 | < 4.1.2-r3 |
| pkg:apk/chainguard/spark-fips-4.1-scala-2.13 | < 4.1.1-r13 |
| pkg:apk/chainguard/spark-kubernetes-operator | < 0.8.0-r2 |
| pkg:apk/chainguard/wildfly-openjdk-17 | < 40.0.0-r0 |
| pkg:apk/chainguard/wildfly-openjdk-21 | < 40.0.0-r0 |
| pkg:apk/wolfi/apache-pulsar-4.1 | < 4.1.3-r11 |
| pkg:apk/wolfi/apache-pulsar-4.2 | < 4.2.2-r0 |
| pkg:apk/wolfi/apicurio-registry | < 3.2.4-r1 |
| pkg:apk/wolfi/keycloak-26.6 | < 26.6.1-r5 |
| pkg:apk/wolfi/keycloak-26.6-iamguarded-compat | < 26.6.1-r5 |
| pkg:apk/wolfi/keycloak-26.6-operator | < 26.6.1-r5 |
| pkg:apk/wolfi/spark-4.0-scala-2.13 | < 4.0.2-r11 |
| pkg:apk/wolfi/spark-4.1-scala-2.13 | < 4.1.2-r3 |
| pkg:apk/wolfi/wildfly-openjdk-17 | < 40.0.0-r0 |
| pkg:apk/wolfi/wildfly-openjdk-21 | < 40.0.0-r0 |
| pkg:maven/io.vertx/vertx-core | >= 4.3.4, <= 4.3.8 |
References
- github.com/eclipse-vertx/vert.x/pull/6102 · nvd · Issue Tracking, Patch · WEB
- gitlab.eclipse.org/security/vulnerability-reports/-/issues/381 · nvd · Exploit, Issue Tracking, Third Party Advisory · WEB
- github.com/advisories/GHSA-3g76-f9xq-8vp6 · ghsa · ADVISORY
- github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6 · nvd · Vendor Advisory, Exploit · WEB
- nvd.nist.gov/vuln/detail/CVE-2026-6860 · ghsa · ADVISORY
- vertx.io/blog/eclipse-vert-x-4-5-27 · ghsa · WEB
- vertx.io/blog/eclipse-vert-x-5-0-12 · ghsa · WEB