CVE-2026-42580
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Description
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-190
Source
GitHub
Vendor
maven
Product
io.netty:netty-codec-http
Discussion (0)
Add Comment
No comments yet. Be the first!