9.8

CVE-2026-42581

Exploit

Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving Content-Length intact in the forwarded HttpMessage. Any downstream proxy or handler that trusts Content-Length over Transfer-Encoding will disagree on message boundaries, enabling request smuggling. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NettyNetty Version < 4.1.133
NettyNetty Version >= 4.2.0 < 4.2.13
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.399
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 5.8 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.2 3.9 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://bugzilla.redhat.com/show_bug.cgi?id=2477232
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42581.json
https://access.redhat.com/errata/RHSA-2026:28010
https://access.redhat.com/errata/RHSA-2026:36820
https://access.redhat.com/errata/RHSA-2026:23808
https://access.redhat.com/errata/RHSA-2026:24502
https://access.redhat.com/errata/RHSA-2026:25123
https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9
Vendor Advisory
Exploit
Mitigation
https://access.redhat.com/security/cve/CVE-2026-42581