VIR Vulnerability Intelligence Relay

Package impact

java MAVEN / io.netty:netty-codec-http

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42581 critical 9.8 9.8 15d ago Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization susedebianjava
CVE-2026-42584 critical 9.1 9.1 15d ago Netty has HttpClientCodec response desynchronization susedebianjava
CVE-2026-42580 medium 6.5 6.5 15d ago Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing susedebianjava
CVE-2026-41417 medium 5.3 5.3 22d ago Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection susedebianjava