Network Application Framework Vulnerability in Netty
CVE-2026-44249
8.1HIGH
What is CVE-2026-44249?
In versions of the Netty framework prior to 4.1.135.Final and 4.2.15.Final, a flaw in the IPv6 subnet handling due to an incorrect masking operation in the IpSubnetFilterRule.compareTo() method allows attackers to bypass defined IP filters. This vulnerability could permit valid public IP addresses to circumvent security restrictions put in place, potentially exposing application servers or clients to unauthorized access and exploitation risks.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
