Denial of Service Vulnerability in Netty Codec for Redis
CVE-2026-44250

7.5HIGH

Key Information:

Vendor

Netty

Status
Vendor
CVE Published:
11 June 2026

What is CVE-2026-44250?

The netty-codec-redis component of the Netty framework is susceptible to a Denial of Service attack. By sending carefully crafted Redis payloads with deeply nested arrays, an attacker can trigger excessive memory allocation, leading to memory exhaustion and causing an OutOfMemoryError on the server. This vulnerability impacts versions prior to 4.1.135.Final and 4.2.15.Final, which have been patched to prevent such exploitation.

Affected Version(s)

netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final

netty < 4.1.135.Final < 4.1.135.Final

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.