Bug 2466990 (CVE-2026-6860)

Summary: CVE-2026-6860 eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: aazores, abrianik, ant, aschwart, asoldano, aszczucz, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, bstansbe, ccranfor, cescoffi, chfoley, cmah, dandread, dhanak, dkreling, dlofthou, drichtar, drosa, dsimansk, eaguilar, ebaron, ewittman, fmariani, fmongiar, ggrzybek, gmalinko, gsmet, istudens, ivassile, iweiss, janstey, jkoehler, jmartisk, jnethert, jolong, jpechane, jraez, jwon, kaycoth, kingland, kverlaen, lphiri, lthon, manderse, mcarlett, mnovotny, mosmerov, mposolda, mstipich, msvehla, nipatil, nwallace, olubyans, pantinor, parichar, pdelbell, pesilva, pgallagh, pjindal, pmackay, probinso, rexwhite, rgodfrey, rguimara, rhel-process-autobot, rkubis, rmartinc, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sdawley, ssilvert, sthirugn, sthorger, swoodman, tasato, tcunning, thjenkin, tqvarnst, vdosoudi, vmuzikar, watson-tool-maintainers, yfang
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security (TLS) handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service (DoS) condition, impacting the availability of the affected system.

Description OSIDB Bzimport 2026-05-06 10:02:06 UTC
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Comment 2 errata-xmlrpc 2026-07-02 00:05:02 UTC
This issue has been addressed in the following products:

  Streams for Apache Kafka 2.9.4

Via RHSA-2026:34608 https://access.redhat.com/errata/RHSA-2026:34608