DNS Vulnerability in Netty Framework by Netty Project
CVE-2026-45674

8.7HIGH

Key Information:

Vendor

Netty

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-45674?

The Netty framework, widely used for developing network protocol servers and clients, exhibits a vulnerability in its DNS resolution process. Specifically, the DnsResolveContext component fails to properly validate the origin of CNAME records in DNS responses. This flaw could potentially allow for DNS spoofing attacks, undermining the integrity and security of network communications. Users are urged to upgrade to versions 4.1.135.Final or 4.2.15.Final, where this issue has been addressed.

Affected Version(s)

netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final

netty < 4.1.135.Final < 4.1.135.Final

References

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.