CVE-2026-44890
7.5 HIGHNetty is a network application framework for development of protocol servers and clients
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-400
Description
Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\r\n`. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45169 — Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnera...
- CVE-2026-44892 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-44250 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-45802 — FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF
- CVE-2026-44496 — Axios is a promise based HTTP client for the browser and Node.js (7.5 HIGH)