CVE-2026-6860: Unbounded SNI Cache Growth in Eclipse Vert.x

Vulnerability ID: CVE-2026-6860
CVSS Score: 5.3
Published: 2026-05-09

Eclipse Vert.x suffers from an uncontrolled resource consumption vulnerability within its Server Name Indication (SNI) processing logic. When server-side SNI is enabled alongside a wildcard TLS certificate, unauthenticated remote attackers can exhaust server memory by initiating handshakes with a continuous stream of unique hostname values, ultimately resulting in a Denial of Service (DoS).

TL;DR

A flaw in the SNI caching mechanism of Eclipse Vert.x allows remote attackers to trigger out-of-memory (OOM) conditions. By sending numerous TLS ClientHello messages with uniquely generated hostnames matching a wildcard certificate, an attacker bypasses cache hits and forces the unbounded allocation of SslContext objects in JVM memory.…
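
The growth pattern described above, modelled in Java as an added example; it is not Vert.x code and not the project's fix. Every class, method and constant name is hypothetical, `Object` stands in for an SslContext, and the hardened lookup (key by the matched wildcard entry, plus an LRU cap) is one general defensive pattern assumed here for illustration.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Illustrative model: every name is hypothetical; Object stands in for a
// heavyweight per-host SslContext.
public class SniCacheDemo {
    static final int MAX_ENTRIES = 64;
    static final String WILDCARD_SUFFIX = ".example.test"; // constructed domain

    // Pattern from the advisory: keyed by the client-supplied name, no limit.
    static final Map<String, Object> unbounded = new ConcurrentHashMap<>();

    static Object weakLookup(String sni, Function<String, Object> factory) {
        return unbounded.computeIfAbsent(sni, factory);
    }

    // Defensive form: LRU-capped map, keyed by the certificate entry matched.
    static final Map<String, Object> bounded =
        Collections.synchronizedMap(new LinkedHashMap<String, Object>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Object> eldest) {
                return size() > MAX_ENTRIES;
            }
        });

    static Object hardenedLookup(String sni, Function<String, Object> factory) {
        String key = sni.toLowerCase(Locale.ROOT);
        int dot = key.indexOf('.');
        // A wildcard covers exactly one left-most label, so all such names
        // collapse onto a single cache key.
        if (dot > 0 && key.substring(dot).equals(WILDCARD_SUFFIX)) {
            key = "*" + WILDCARD_SUFFIX;
        }
        return bounded.computeIfAbsent(key, factory);
    }

    public static void main(String[] args) {
        for (int i = 0; i < 100_000; i++) {
            String name = "h" + i + ".example.test"; // constructed sample names
            weakLookup(name, n -> new Object());
            hardenedLookup(name, n -> new Object());
        }
        System.out.println("unbounded entries: " + unbounded.size());
        System.out.println("hardened entries:  " + bounded.size());
    }
}
```

The two printed sizes show the difference: the name-keyed map holds one entry per distinct hostname, while the hardened map holds one entry for the whole wildcard and can never exceed `MAX_ENTRIES` for names outside it.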