Description
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
Published: 2026-05-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A TCP client can initiate a TLS handshake and supply a server name extension that matches any value accepted by a server’s wildcard certificate. The server therefore accepts connections based on the wildcard, even if the client presents a host name that is not otherwise authorized. In effect, this allows a malicious or misconfigured client to gain TLS connectivity to the server under any arbitrary subdomain, potentially bypassing Server Name Indication (SNI) checks and creating a surface for host‑name spoofing, interception or unauthorized routing of traffic. The core weakness is that the server accepts any subdomain that fits the wildcard pattern without performing stricter validation of the presented host name, which can subvert standard TLS hostname verification.

Affected Systems

Eclipse Vert.x

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. The EPSS score of < 1% indicates a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. An attacker must be able to open a TCP connection to the target server, so the attack vector is primarily network‑based. Once the client can present any subdomain accepted by the wildcard certificate, the attacker may impersonate legitimate hosts or facilitate man‑in‑the‑middle scenarios within applications that rely on SNI for routing or security checks. The exploit is straightforward and could be automated, but its impact depends on how tightly the server uses the presented hostname for access control or routing decisions.

Generated by OpenCVE AI on May 12, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Eclipse Vert.x to a version that enforces strict hostname validation during TLS handshake
  • Configure the Vert.x server to reject wildcard SNI hostnames or restrict allowed hostnames on the TLS configuration
  • Implement custom TLS client hostname verification to ensure the presented hostname matches the certificate’s CN or SAN exactly
  • If upgrading immediately is not possible, set up a firewall rule or proxy that performs host name validation before traffic reaches the Vert.x server

Advisories
Source: Github GHSA
ID: GHSA-3g76-f9xq-8vp6
Title: Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
History

Tue, 12 May 2026 16:15:00 +0000

Title: Wildcard Server Name Misuse in TLS Handshake Enables Client to Connect to Any Subdomain

Tue, 12 May 2026 13:45:00 +0000

Weaknesses: CWE-770
CPEs: cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*
Metrics (cvssV3_1): {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Wed, 06 May 2026 15:30:00 +0000

Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 13:30:00 +0000

First Time appeared: Eclipse; Eclipse vert.x
Vendors & Products: Eclipse; Eclipse vert.x

Wed, 06 May 2026 12:00:00 +0000

Title: Wildcard Server Name Misuse in TLS Handshake Enables Client to Connect to Any Subdomain
Weaknesses: CWE-295

Wed, 06 May 2026 10:00:00 +0000

Description: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.
References:
Metrics (cvssV4_0): {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}

MITRE

Status: PUBLISHED

Assigner: eclipse

Published:

Updated: 2026-05-12T20:29:09.712Z

Reserved: 2026-04-22T13:02:37.222Z

Link: CVE-2026-6860

Vulnrichment

Updated: 2026-05-06T14:33:32.075Z

NVD

Status: Analyzed

Published: 2026-05-06T10:16:26.293

Modified: 2026-05-12T13:42:01.617

Link: CVE-2026-6860

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T16:00:13Z

Weaknesses