7.5
CVE-2026-33870
- EPSS 0.64%
- Veröffentlicht 27.03.2026 19:54:15
- Zuletzt bearbeitet 03.07.2026 13:17:06
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.461 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
https://w4ke.info/2025/06/18/funky-chunks.html
https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8
https://w4ke.info/2025/10/29/funky-chunks-2.html
https://www.rfc-editor.org/rfc/rfc9110
https://access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:18059
https://access.redhat.com/errata/RHSA-2026:18054
https://access.redhat.com/errata/RHSA-2026:18055
https://access.redhat.com/errata/RHSA-2026:17668
https://access.redhat.com/errata/RHSA-2026:13571
https://access.redhat.com/errata/RHSA-2026:10175
https://access.redhat.com/errata/RHSA-2026:8509
https://access.redhat.com/errata/RHSA-2026:14272
https://access.redhat.com/errata/RHSA-2026:14276
https://access.redhat.com/errata/RHSA-2026:17789
https://access.redhat.com/errata/RHSA-2026:7109
https://access.redhat.com/errata/RHSA-2026:7380
https://access.redhat.com/errata/RHSA-2026:22619
https://access.redhat.com/errata/RHSA-2026:8159
https://access.redhat.com/security/cve/CVE-2026-33870
https://bugzilla.redhat.com/show_bug.cgi?id=2452453
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33870.json
https://access.redhat.com/errata/RHSA-2026:34608