COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-45674

CVE-2026-45674

Severity
high
Source
NVD · cve
Published
2026-06-12
CVSS
8.7
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-45674
shame 25/100

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Fina

Players implicated

netty · vendornetty · product

Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.