CVE-2026-42580

Severity CVSS v4.0:
Pending analysis
Type:
CWE-190 Integer Overflow or Wraparound
Publication date:
13/05/2026
Last modified:
18/05/2026

Description

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* 4.1.133 (excluding)
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* 4.2.0 (including) 4.2.13 (excluding)