Network Application Framework Vulnerability in Netty
CVE-2026-44249

8.1HIGH

Key Information:

Vendor

Netty

Status
Vendor
CVE Published:
11 June 2026

What is CVE-2026-44249?

In versions of the Netty framework prior to 4.1.135.Final and 4.2.15.Final, a flaw in the IPv6 subnet handling due to an incorrect masking operation in the IpSubnetFilterRule.compareTo() method allows attackers to bypass defined IP filters. This vulnerability could permit valid public IP addresses to circumvent security restrictions put in place, potentially exposing application servers or clients to unauthorized access and exploitation risks.

Affected Version(s)

netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final

netty < 4.1.135.Final < 4.1.135.Final

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.