SecAlerts
CVE ListPricingSign Up
netty logo

netty

Security Risk Profile

46
/100
medium

Security Risk Score

Comprehensive risk assessment based on 59 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from April 30, 2014 to present

59
Total CVEs
32
Critical+High
1
Exploited
5
Unpatched

Threat Assessment

Avg CVSS
6.7
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
5
Critical/High
Risk Level
46/100
medium
⚠️ 1 Active Exploits 1 Zero-Days📈 13 in Last 30 Days

Severity Distribution

Critical
6
High
26
Medium
22
Low
2

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
7
2
CRLF Injection
5
3
XSS
4
4
Command Injection
2
5
Integer Overflow
2

Most Affected Products

1. Netty Netty156
2. redhat/eap7-netty38
3. Lightbend Play Framework38
4. playframework Play Framework36
5. Debian Debian Linux32

Recent Vulnerabilities

See more →
CVE-2026-44248
CVSS 7.5high

Netty: Resource exhaustion in MqttDecoder

5/7/2026
CVE-2026-42587
CVSS 7.5high

Netty: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables decompression bomb DoS

5/7/2026
CVE-2026-42586
CVSS 7.1high

Netty: CRLF Injection in Netty Redis Codec Encoder

5/7/2026
CVE-2026-42585
CVSS 7.5high

Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

5/7/2026
CVE-2026-42584
CVSS 9.1critical

Netty: HttpClientCodec response desynchronization

5/7/2026
CVE-2026-42583
CVSS 7.5high

Netty: Lz4FrameDecoder resource exhaustion

5/7/2026
CVE-2026-42582
CVSS 7.5high

Netty: HTTP/3 QPACK literal unbounded allocation

5/7/2026
CVE-2026-42581
CVSS 9.8critical

Netty: HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

5/7/2026
CVE-2026-42580
CVSS 6.5medium

Netty: HTTP Request Smuggling due to incorrect chunk size parsing

5/7/2026
CVE-2026-42579
CVSS 9.1critical

Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)

5/7/2026

Monitor netty in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.