| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-42581 |
critical |
9.8 |
9.8 |
14d ago |
Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization |
|
| CVE-2026-42584 |
critical |
9.1 |
9.1 |
14d ago |
Netty has HttpClientCodec response desynchronization |
|
| CVE-2026-42587 |
high |
7.5 |
7.5 |
14d ago |
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS |
|
| CVE-2026-42585 |
high |
7.5 |
7.5 |
14d ago |
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding |
|
| CVE-2026-42580 |
medium |
6.5 |
6.5 |
14d ago |
Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing |
|
| CVE-2026-41417 |
medium |
5.3 |
5.3 |
21d ago |
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection |
|