8.1

CVE-2026-44249

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NettyNetty Version < 4.1.135
NettyNetty Version >= 4.2.0 < 4.2.15
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.419
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

https://bugzilla.redhat.com/show_bug.cgi?id=2488081
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44249.json
https://access.redhat.com/errata/RHSA-2026:34608
https://access.redhat.com/errata/RHSA-2026:36820
https://access.redhat.com/errata/RHSA-2026:26586
https://access.redhat.com/errata/RHSA-2026:28573
https://github.com/netty/netty/releases/tag/netty-4.1.135.Final
Release Notes
https://github.com/netty/netty/releases/tag/netty-4.2.15.Final
Release Notes
https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:26017
https://access.redhat.com/errata/RHSA-2026:26018
https://access.redhat.com/security/cve/CVE-2026-44249