CVE ID :CVE-2026-42583 Published : May 13, 2026, 7:17 p.m. | 29 minutes ago Description :Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...