Memory Exhaustion Vulnerability in Netty Framework by Netty
CVE-2026-48748
7.5HIGH
What is CVE-2026-48748?
The Netty framework, widely used for building network applications, has a vulnerability in its HTTP/3 codec that allows an attacker to create an unbounded number of streams. This can lead to a memory exhaustion issue, causing the affected system to experience out-of-memory (OOM) errors. Users are advised to upgrade to version 4.2.15.Final or later to mitigate this risk.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final
