Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Eclipse Foundation — Vulnerabilities & Security Advisories 95

Browse all 95 CVE security advisories affecting Eclipse Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Eclipse Foundation operates as a non-profit organization managing an open-source ecosystem, primarily hosting the Eclipse Integrated Development Environment (IDE) and related tooling. Its infrastructure supports a vast array of plugins and projects, creating a complex attack surface that has historically resulted in numerous security vulnerabilities. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation errors or insecure default configurations within specific plugins rather than the core platform itself. While the Foundation maintains rigorous governance and security advisory processes, the decentralized nature of its project portfolio means individual components may lag in patching. Notable incidents have highlighted risks associated with supply chain dependencies and outdated libraries within the broader ecosystem. Consequently, users must prioritize regular updates and strict plugin vetting to mitigate exposure to these historically common vulnerability classes.

Top products by Eclipse Foundation: ThreadX NetX Duo Eclipse Glassfish Jetty Mosquitto Eclipse Jetty USBX Eclipse OMR Eclipse BaSyx Eclipse OpenMQ Vert.x NextX Duo Eclipse Vert.x Open J9 Eclipse OpenJ9 OpenJ9 Glassfish Parsson Eclipse Kura Installer Eclipse Ditto Eclipse KUKSA - Databroker Eclipse JGit Eclipse Theia - Website Eclipse ThreadX - USBX Eclipse ThreadX Eclipse ThreadX - NetX Duo BlueChi paho.mqtt.golang (Go MQTT v3.1 library) Jersey Eclipse RAP
CVE IDTitleCVSSSeverityPublished
CVE-2026-6860 Eclipse Vert.x 安全漏洞 — Eclipse Vert.x 9.1AICriticalAI2026-05-06
CVE-2026-7412 Eclipse BaSyx Java Server SDK 代码问题漏洞 — Eclipse BaSyxCWE-918 8.6 High2026-05-05
CVE-2026-7411 Eclipse BaSyx Java Server SDK 路径遍历漏洞 — Eclipse BaSyxCWE-22 10.0 Critical2026-05-05
CVE-2026-6918 Eclipse OpenJ9 缓冲区错误漏洞 — Eclipse OpenJ9CWE-125 6.5 -2026-05-05
CVE-2026-6272 KUKSA.val 访问控制错误漏洞 — Eclipse KUKSA - DatabrokerCWE-306 7.1AIHighAI2026-04-24
CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing — Eclipse JettyCWE-444 7.4 High2026-04-14
CVE-2026-5795 Eclipse Jetty 授权问题漏洞 — Eclipse JettyCWE-226 7.4 High2026-04-08
CVE-2026-24457 OpenMQ 安全漏洞 — Eclipse OpenMQCWE-22 9.1 Critical2026-03-05
CVE-2026-1605 Eclipse Jetty 安全漏洞 — Eclipse JettyCWE-400 7.5 High2026-03-05
CVE-2025-11143 Eclipse Jetty 输入验证错误漏洞 — Eclipse JettyCWE-20 3.7 Low2026-03-05
CVE-2026-22886 OpenMQ 安全漏洞 — Eclipse OpenMQCWE-1392 9.8 Critical2026-03-03
CVE-2026-1699 Eclipse Theia - Website 安全漏洞 — Eclipse Theia - WebsiteCWE-829 10.0 Critical2026-01-30
CVE-2026-1188 Eclipse OMR 安全漏洞 — Eclipse OMRCWE-131 9.8AICriticalAI2026-01-29
CVE-2026-0648 Eclipse ThreadX USBX 安全漏洞 — Eclipse ThreadXCWE-253 7.8 High2026-01-27
CVE-2025-55095 Eclipse ThreadX USBX 安全漏洞 — Eclipse ThreadX - USBXCWE-121 4.2 Medium2026-01-27
CVE-2025-55102 Eclipse ThreadX NetX Duo 安全漏洞 — Eclipse ThreadX - NetX DuoCWE-400 7.5AIHighAI2026-01-27
CVE-2025-2515 Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies — BlueChiCWE-863 7.2 High2025-12-24
CVE-2025-10543 Eclipse Paho Go MQTT v3.1 library 安全漏洞 — paho.mqtt.golang (Go MQTT v3.1 library)CWE-681 7.5AIHighAI2025-12-02
CVE-2025-12383 Race Condition allows Bypass of Trust Restrictions — JerseyCWE-362 7.4AIHighAI2025-11-18
CVE-2025-11965 Eclipse Vert.x 安全漏洞 — Vert.xCWE-552 7.5AIHighAI2025-10-22
CVE-2025-11966 Eclipse Vert.x 安全漏洞 — Vert.xCWE-79 5.4AIMediumAI2025-10-22
CVE-2025-55086 Eclipse ThreadX NetX Duo 安全漏洞 — NextX DuoCWE-1285 9.1AICriticalAI2025-10-20
CVE-2025-55085 Web http client: Unchecked Server-Side Malicious Packet Issue — NetX DuoCWE-125 9.8AICriticalAI2025-10-17
CVE-2025-55087 Eclipse ThreadX NetX Duo 安全漏洞 — NextX DuoCWE-1285 7.1AIHighAI2025-10-17
CVE-2025-55100 Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func() — USBXCWE-125 8.2AIHighAI2025-10-17
CVE-2025-55099 Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() — USBXCWE-125 8.2AIHighAI2025-10-17
CVE-2025-55098 Potential out-of-bounds read in _ux_host_class_audio_device_type_get() — USBXCWE-125 8.2AIHighAI2025-10-17
CVE-2025-55097 Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get() — USBXCWE-125 8.2AIHighAI2025-10-17
CVE-2025-55096 Inadequate bounds check and potential underflow in _ux_host_class_hid_report_descriptor_get() — NetX DuoCWE-191 8.2AIHighAI2025-10-17
CVE-2025-55094 Potential out-of-bounds read in _nx_icmpv6_validate_options() — NetX DuoCWE-125 5.3AIMediumAI2025-10-17

This page lists every published CVE security advisory associated with Eclipse Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.