CVE-2026-45674

Published: Jun 12, 2026Modified: Jun 12, 2026

8.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.8

Source: security-advisories@github.com (Secondary)

Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Related CWEs

CWE-345

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (3)

https://github.com/netty/netty/releases/tag/netty-4.1.135.Final

Source: security-advisories@github.com

https://github.com/netty/netty/releases/tag/netty-4.2.15.Final

Source: security-advisories@github.com

https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc

Source: security-advisories@github.com

Timeline

No history available yet.