DNS Vulnerability in Netty Framework by Netty Project
CVE-2026-45674
8.7HIGH
What is CVE-2026-45674?
The Netty framework, widely used for developing network protocol servers and clients, exhibits a vulnerability in its DNS resolution process. Specifically, the DnsResolveContext component fails to properly validate the origin of CNAME records in DNS responses. This flaw could potentially allow for DNS spoofing attacks, undermining the integrity and security of network communications. Users are urged to upgrade to versions 4.1.135.Final or 4.2.15.Final, where this issue has been addressed.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
