COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-42579

CVE-2026-42579

Severity
high
Source
NVD · cve
Published
2026-05-13
CVSS
7.5
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-42579
shame 25/100

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS respon

Players implicated

netty · vendornetty · product

Description

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.