CVE-2026-45674

Published Jun 12, 2026

Last updated a day ago

CVSS high 8.7

Overview

Description
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Source
security-advisories@github.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.7
Impact score
5.8
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-345

Social media

Hype score
Not currently trending

  1. Urgent! Netty DNS cache poisoning (CVE-2026-45674/45673) & ClipBucket SQLi (CVE-2026-49482) reported within the last hour. These critical vulns enable traffic interception & data exfiltration. High risk to privacy/integrity. Patch now! #Cybersecurity #NetworkSecurity #Zer

    @YourAnon_irc

    12 Jun 2026

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.