CVE-2026-44249

CVE Database · CVE-2026-44249

CVE-2026-44249

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

0.51%

Published

Jun 11, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-284CWE-697

Affected Products (2)

netty · netty (up to 4.1.135)vulnerable

netty · netty (up to 4.2.15)vulnerable

References (3)

https://github.com/netty/netty/releases/tag/netty-4.1.135.Final

Release Notes

https://github.com/netty/netty/releases/tag/netty-4.2.15.Final

Release Notes

https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs