CVE-2026-44249

Published Jun 11, 2026

Last updated 2 days ago

CVSS high 8.1

Overview

Description
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Source
security-advisories@github.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-284

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.