Lucene search
+L

CVE-2026-42585 Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

🗓️ 13 May 2026 18:12:39Reported by GitHub_MType 
cvelist
 cvelist
🔗 www.cve.org👁 41 Views

Netty HTTP request smuggling from malformed Transfer-Encoding; fixed in 4.2.13.Final and 4.1.133.Final.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http
19 May 202619:19
ibm
IBM Security Bulletins
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty
21 May 202616:11
ibm
IBM Security Bulletins
Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.
23 Jun 202619:50
ibm
IBM Security Bulletins
Security Bulletin: Due to the use of Netty, IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
11 Jun 202607:12
ibm
Atlassian
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Bamboo Data Center
1 Jun 202622:30
atlassian
Atlassian
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
2 Jun 202616:30
atlassian
Atlassian
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center
11 Jun 202617:31
atlassian
Atlassian
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Service Management Data Center
3 Jun 202616:30
atlassian
Atlassian
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Data Center
21 May 202619:29
atlassian
BDU FSTEC
The vulnerability of the netty-codec-http module in the framework for developing network applications, servers, and clients using the Netty protocol allows attackers to inject arbitrary HTTP requests.
16 Jul 202600:00
bdu_fstec
Rows per page
[
  {
    "vendor": "netty",
    "product": "netty",
    "versions": [
      {
        "version": ">= 4.2.0.Alpha1, < 4.2.13.Final",
        "status": "affected"
      },
      {
        "version": "< 4.1.133.Final",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "io.netty",
    "product": "netty-codec-http",
    "versions": [
      {
        "version": ">= 4.2.0.Alpha1, < 4.2.13.Final",
        "status": "affected"
      },
      {
        "version": "< 4.1.133.Final",
        "status": "affected"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation