HTTP Request Smuggling io.netty:netty-codec-http Dependency in Bamboo Data Center

🗓️ 14 Apr 2026 22:29:46Reported by security-metrics-botType

High severity request smuggling in Bamboo Data Center due to Netty; upgrade to fixed versions.

Reporter	Title	Published	Views	Family All 170
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.129.Final.jar	28 Apr 202622:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities	15 Apr 202615:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty and jackson-core (CVE-2026-33870, WS-2026-003)	11 May 202607:46	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in netty-codec-http-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33870)	29 May 202609:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.9.Final.jar which is vulnerable to CVE-2026-33870	29 May 202608:49	–	ibm
IBM Security Bulletins	Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Netty framework	17 Apr 202618:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty	27 May 202605:11	–	ibm
ATTACKERKB	CVE-2026-33870	27 Mar 202619:54	–	attackerkb
Information Security Automation	April Linux Patch Wednesday	22 Apr 202616:00	–	avleonov
Tenable Nessus	Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities	1 May 202600:00	–	nessus