CVE-2026-48040

The CVE-2026-48040 entry concerns netty-incubator-codec.bhttp prior to 0.0.22.Final, where a fallback path for direct ByteBufs is taken when Unsafe is unavailable. Under these conditions, an unauthenticated network attacker can trigger cryptographic operations via crafted OHTTP requests, causing ...

io.netty.incubator:netty-incubator-codec-ohttp (>=0.0.10.Final <=0.0.12.Final) potentially affected by CVE-2024-40642 via io.netty.incubator:netty-incubator-codec-bhttp (>=0.0.10.Final <=0.0.12.Final)

io.netty.incubator:netty-incubator-codec-bhttp MAVEN version =0.0.10.Final, =0.0.10.Final, =0.0.12.Final Source cves: CVE-2024-40642 Source advisory: OSV:GHSA-Q8F2-HXQ5-CP4H...