| CVE-2026-42581 |
critical |
9.8 |
9.8 |
15d ago |
Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization |
|
| CVE-2026-42584 |
critical |
9.1 |
9.1 |
15d ago |
Netty has HttpClientCodec response desynchronization |
|
| CVE-2026-42587 |
high |
7.5 |
7.5 |
15d ago |
Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS |
|
| CVE-2026-42585 |
high |
7.5 |
7.5 |
15d ago |
Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding |
|
| CVE-2026-42580 |
medium |
6.5 |
6.5 |
15d ago |
Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing |
|
| CVE-2021-43797 |
medium |
— |
5.5 |
5y ago |
HTTP request smuggling in netty |
|
| CVE-2021-21290 |
medium |
— |
5.5 |
5y ago |
Local Information Disclosure Vulnerability in Netty on Unix-Like systems |
|
| CVE-2026-41417 |
medium |
5.3 |
5.3 |
22d ago |
Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection |
|