Network Application Framework Security Flaw in Netty
CVE-2026-50560

6.9MEDIUM

Key Information:

Vendor

Netty

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-50560?

The vulnerability in Netty's HTTP/2 implementation allows an attacker to exploit the max header list size setting, leading to an exception during response header writing. This execution, akin to an HTTP/2 reset attack, undermines the stability and security of network applications. It is critical that users transition to versions 4.1.135.Final or 4.2.15.Final where the issue has been resolved to ensure robust protection against potential exploits.

Affected Version(s)

netty >= 4.2.0.Final, < 4.2.15.Final < 4.2.0.Final, 4.2.15.Final

netty < 4.1.135.Final < 4.1.135.Final

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.