CVE-2026-42580 - CERT CVE

  1. CVE-2026-42580

ID CVE-2026-42580
Sažetak Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Reference
CVSS
Base: 6.5
Impact: 2.5
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Zadnje važnije ažuriranje 14-05-2026 - 19:16
Objavljeno 13-05-2026 - 19:17