Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50560 |
|
Vulnerability in io.netty:netty-codec-http2 (CVE-2026-50560)
vulnerability in io.netty:netty-codec-http2 (CVE-2026-50560). Risk of unauthorized operations or information disclosure. Exploitable via ``SETTINGS_MAX_HEADER_LIST_SIZE``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-50010 |
|
Vulnerability in io.netty:netty-handler (CVE-2026-50010)
vulnerability in io.netty:netty-handler (CVE-2026-50010). Confidential information can be exposed externally. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-50009 |
|
Information Disclosure in io.netty:netty-codec-classes-quic (CVE-2026-50009)
vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-50009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-50011 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-50011)
vulnerability in io.netty:netty-codec-redis (CVE-2026-50011). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-50020 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-50020)
vulnerability in io.netty:netty-codec-http (CVE-2026-50020). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpObjectDecoder``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-48748 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-48748)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-48748). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTP3_SETTINGS_QPACK_MAX_TABLE_CAPACITY``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-48059 |
|
Vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059)
vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059). Risk of unauthorized operations or information disclosure. Exploitable via ``PP2_TYPE_SSL``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-48043 |
|
Vulnerability in io.netty:netty-codec-http2 (CVE-2026-48043)
vulnerability in io.netty:netty-codec-http2 (CVE-2026-48043). Risk of unauthorized operations or information disclosure. Exploitable via ``DelegatingDecompressorFrameListener``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-48006 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-48006)
vulnerability in io.netty:netty-codec-redis (CVE-2026-48006). Risk of unauthorized operations or information disclosure. Exploitable via ``depths``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-47691 |
|
Vulnerability in io.netty:netty-resolver-dns (CVE-2026-47691)
vulnerability in io.netty:netty-resolver-dns (CVE-2026-47691). Confidential information can be exposed externally. Exploitable via ``DnsResolveContext``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-47244 |
|
Vulnerability in io.netty:netty-codec-http2 (CVE-2026-47244)
vulnerability in io.netty:netty-codec-http2 (CVE-2026-47244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-46340 |
|
Vulnerability in io.netty:netty-transport-sctp (CVE-2026-46340)
vulnerability in io.netty:netty-transport-sctp (CVE-2026-46340). Risk of unauthorized operations or information disclosure. Exploitable via ``complete``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45674 |
|
Vulnerability in io.netty:netty-resolver-dns (CVE-2026-45674)
vulnerability in io.netty:netty-resolver-dns (CVE-2026-45674). Confidential information can be exposed externally. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45673 |
|
Vulnerability in io.netty:netty-resolver-dns (CVE-2026-45673)
vulnerability in io.netty:netty-resolver-dns (CVE-2026-45673). Data can be tampered with by attackers. Exploitable via ``DnsQueryIdSpace``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45536 |
|
Information Disclosure in io.netty:netty-transport-native-epoll (CVE-2026-45536)
vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-45536). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-45416 |
|
Vulnerability in io.netty:netty-handler (CVE-2026-45416)
vulnerability in io.netty:netty-handler (CVE-2026-45416). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-44894 |
|
Vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-44894)
vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-44894). Data can be tampered with by attackers. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-44893 |
|
Vulnerability in io.netty:netty-codec-haproxy (CVE-2026-44893)
vulnerability in io.netty:netty-codec-haproxy (CVE-2026-44893). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-44892 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892). Risk of unauthorized operations or information disclosure. Exploitable via ``Http3ConnectionHandler``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-44890 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-44890)
vulnerability in io.netty:netty-codec-redis (CVE-2026-44890). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeLength``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-44250 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-44250)
vulnerability in io.netty:netty-codec-redis (CVE-2026-44250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-44249 |
|
Vulnerability in io.netty:netty-handler (CVE-2026-44249)
vulnerability in io.netty:netty-handler (CVE-2026-44249). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-48040 |
|
Out-of-Bounds Read in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl (CVE-2026-48040). Confidential information can be exposed externally. Exploitable via ``sun.misc.Unsafe``. Mitigation: upgrade to `0.0.22.Final` or later.
|
| CVE-2026-41207 |
|
Vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.21.Final` or later.
|
| CVE-2026-42587 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42587)
vulnerability in io.netty:netty-codec-http (CVE-2026-42587). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpContentDecompressor``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42585 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42585)
vulnerability in io.netty:netty-codec-http (CVE-2026-42585). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42584 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42584)
vulnerability in io.netty:netty-codec-http (CVE-2026-42584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42583 |
|
Vulnerability in io.netty:netty-codec-compression (CVE-2026-42583)
vulnerability in io.netty:netty-codec-compression (CVE-2026-42583). Risk of unauthorized operations or information disclosure. Exploitable via ``decompressedLength``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-42581 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42581)
vulnerability in io.netty:netty-codec-http (CVE-2026-42581). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42580 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42580)
vulnerability in io.netty:netty-codec-http (CVE-2026-42580). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42579 |
|
Vulnerability in io.netty:netty-codec-dns (CVE-2026-42579)
vulnerability in io.netty:netty-codec-dns (CVE-2026-42579). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.dns.DnsCodecUtil``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42578 |
|
Vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578)
vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.proxy.HttpProxyHandler``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-42577 |
|
Vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577)
vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577). Risk of unauthorized operations or information disclosure. Exploitable via ``ALLOW_HALF_CLOSURE``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-44248 |
|
Vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248)
vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248). Risk of unauthorized operations or information disclosure. Exploitable via ``MqttDecoder``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42586 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-42586)
vulnerability in io.netty:netty-codec-redis (CVE-2026-42586). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.redis.RedisEncoder``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42582 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-41417 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-41417)
vulnerability in io.netty:netty-codec-http (CVE-2026-41417). Risk of unauthorized operations or information disclosure. Exploitable via `POST /s2`. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-33870 |
|
Vulnerability in netty (CVE-2026-33870)
vulnerability in netty (CVE-2026-33870). Data can be tampered with by attackers.
|
| CVE-2026-33871 |
|
Vulnerability in dos (CVE-2026-33871)
vulnerability in dos (CVE-2026-33871). Risk of unauthorized operations or information disclosure. Exploitable via ``CONTINUATION``.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2015-2156 |
|
Vulnerability in netty (CVE-2015-2156)
vulnerability in netty (CVE-2015-2156). Confidential information can be exposed externally.
|
| CVE-2016-4970 |
|
Vulnerability in dos (CVE-2016-4970)
vulnerability in dos (CVE-2016-4970). Risk of unauthorized operations or information disclosure.
|