Denial of Service Vulnerability in Netty Codec for Redis
CVE-2026-44250
7.5HIGH
What is CVE-2026-44250?
The netty-codec-redis component of the Netty framework is susceptible to a Denial of Service attack. By sending carefully crafted Redis payloads with deeply nested arrays, an attacker can trigger excessive memory allocation, leading to memory exhaustion and causing an OutOfMemoryError on the server. This vulnerability impacts versions prior to 4.1.135.Final and 4.2.15.Final, which have been patched to prevent such exploitation.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
