DNS Vulnerability in Netty Framework Affects Network Protocol Development
CVE-2026-45673

6.8MEDIUM

Key Information:

Vendor

Netty

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-45673?

Prior to specific updated versions, the Netty Framework utilized a predictable Pseudorandom Number Generator (PRNG) for DNS transaction ID generation and employed a static UDP source port. This predictable behavior significantly reduces the entropy of DNS queries, leaving them susceptible to DNS Cache Poisoning attacks, commonly associated with the Kaminsky exploit. This vulnerability can allow an attacker to divert legitimate traffic, leading to potential data breaches or service disruptions. Updated versions 4.1.135.Final and 4.2.15.Final have addressed and patched this critical issue, enhancing the security of DNS resolvers.

Affected Version(s)

netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final

netty < 4.1.135.Final < 4.1.135.Final

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.