CVE-2026-45674
8.7 HIGHNetty is a network application framework for development of protocol servers and clients
Published: 2026-06-12 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 8.7 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
- CWE
- CWE-345
Affected products
| Vendor | Product |
|---|---|
| netty | netty |
Description
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-50560 — Netty is a network application framework for development of protocol servers and clients (5.3 MEDIUM)
- CVE-2026-50020 — Netty is a network application framework for development of protocol servers and clients (5.3 MEDIUM)
- CVE-2026-50011 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-50010 — Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
- CVE-2026-50009 — Netty is a network application framework for development of protocol servers and clients (4.8 MEDIUM)
Same CWE
- CVE-2026-47777 — Mastodon is a free, open-source social network server based on ActivityPub (7.5 HIGH)
- CVE-2026-53406 — Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an au... (7.8 HIGH)
- CVE-2026-47691 — Netty is a network application framework for development of protocol servers and clients (8.7 HIGH)
- CVE-2026-46654 — Plonky3 is a toolkit for polynomial IOPs (PIOPs)
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)