CVE-2026-44890

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

CVE-2026-44250

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the decodeLength function. An attacker can exhaust the server's direct memory pool by sending continuous streams of digits without a terminating \r\n across multiple concurren...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +417 more potentially affected by CVE-2026-44890 via io.netty:netty-codec-redis (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44890 Source advisory: OSV:GHSA-6GHJ-FRRJ-JJJ3...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2463 more potentially affected by CVE-2026-44890 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.134.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-44890 Source advisory: OSV:GHSA-6GHJ-FRRJ-JJJ3...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2463 more potentially affected by CVE-2026-44250 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.134.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-44250 Source advisory: OSV:GHSA-3244-J874-RHC2...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +417 more potentially affected by CVE-2026-44250 via io.netty:netty-codec-redis (>=4.2.0.Final <=4.2.14.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-44250 Source advisory: OSV:GHSA-3244-J874-RHC2...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2463 more potentially affected by CVE-2026-42586 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.132.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-42586 Source advisory: OSV:GHSA-RGRR-P7GP-5XJ7...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2463 more potentially affected by CVE-2026-42586 via io.netty:netty-codec-redis (>=4.1.0.Final <=4.1.132.Final)

io.netty:netty-codec-redis MAVEN version =4.1.0.Final, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-42586 Source advisory: SNYK:JAVA-IONETTY-16439010...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +366 more potentially affected by CVE-2026-42586 via io.netty:netty-codec-redis (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-42586 Source advisory: SNYK:JAVA-IONETTY-16439010...