Vulnerabilities

Report: CVE-2026-42579 - Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder) - Complete Guide

2026-05-13 0 views admin

CVE ID :CVE-2026-42579 Published : May 13, 2026, 7:17 p.m. | 29 minutes ago Description :Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-42579

Severity

HIGH

Published

May 13, 2026

Attack Vector: network

🏷️ Tags

report42579nettycodecinputvalidationbypassencoderdecodercomplete

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-42579 - Netty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder) - Complete Guide

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Update: CVE-2026-41132 - CKAN: No certificate validation on STMP connection

Report: CVE-2026-42032 - CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql` - Expert Insights

Report: CVE-2026-42031 - CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_searc

Report: CVE-2026-41255 - CKAN: CSRF exemption primed by anonymous requests

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting