Network Application Framework Security Flaw in Netty
CVE-2026-50560
6.9MEDIUM
What is CVE-2026-50560?
The vulnerability in Netty's HTTP/2 implementation allows an attacker to exploit the max header list size setting, leading to an exception during response header writing. This execution, akin to an HTTP/2 reset attack, undermines the stability and security of network applications. It is critical that users transition to versions 4.1.135.Final or 4.2.15.Final where the issue has been resolved to ensure robust protection against potential exploits.
Affected Version(s)
netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final
netty < 4.1.135.Final < 4.1.135.Final
