← All CVEs

CVE-2026-44249

HIGH 8.1

Published 2026-06-11 · Last modified 2026-07-01

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

ELEVATED IMPACT

Severe if exploited (CVSS 8.1), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.6%chance of exploitation in 30 days · 42nd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

8.1CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: No account or privileges required
  • User interaction: No user interaction needed
  • Complexity: Needs a race window or specific setup

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Netty Red Hat

Products Netty Red Hat Build Of Apache Camel 3.33 For Quarkus 3.33.2.Sp1 Red Hat Offline Knowledge Portal 1.2.6 Red Hat Build Of Quarkus 3.27.4.Sp1 Red Hat Build Of Quarkus 3.33.2.Sp1 Cryostat 4 Openshift Serverless Red Hat Amq Broker 7

Weakness (CWE)

  • CWE-284
  • CWE-697
  • CWE-1287

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Sources: NVD · CVE.org · EPSS