SUSE CVE-2026-33871

🗓️ 30 Mar 2026 23:27:14Reported by Suse CVEType

Netty prior to 4.1.132.Final and 4.2.10.Final have a DoS on HTTP/2 via flood of continuation frames; zero-byte frames bypass checks; fixed in these versions.

Reporter	Title	Published	Views	Family All 168
IBM Security Bulletins	Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities	15 Apr 202615:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for April 2026	30 Apr 202611:49	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.	5 Jun 202610:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	27 May 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33871)	29 May 202609:03	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software	22 Jun 202614:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.	23 Jun 202619:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.129.Final.jar	29 Apr 202617:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.	26 Jun 202610:58	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	netty	4.1.132-1.1	netty-4.1.132-1.1.noarch.rpm
OpenSUSE Leap	15.6	any	netty	4.1.132-150200.4.43.1	netty-4.1.132-150200.4.43.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	netty	4.1.132-150200.4.43.1	netty-4.1.132-150200.4.43.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	netty-bom	4.1.132-1.1	netty-bom-4.1.132-1.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	netty-javadoc	4.1.132-1.1	netty-javadoc-4.1.132-1.1.noarch.rpm
OpenSUSE Leap	15.6	any	netty-javadoc	4.1.132-150200.4.43.1	netty-javadoc-4.1.132-150200.4.43.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	netty-javadoc	4.1.132-150200.4.43.1	netty-javadoc-4.1.132-150200.4.43.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	netty-parent	4.1.132-1.1	netty-parent-4.1.132-1.1.noarch.rpm
OpenSUSE Leap	15.6	any	netty-tcnative	2.0.75-150200.3.36.1	netty-tcnative-2.0.75-150200.3.36.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.7	any	netty-tcnative	2.0.75-150200.3.36.1	netty-tcnative-2.0.75-150200.3.36.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2026-33871
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1261043
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/045563.html

26 Jun 2026 02:20Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.9

EPSS0.0065