CVE-2026-47691
HIGH 8.7Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains (like `.co.uk`). In `io.netty.resolver.dns.DnsResolveContext.AuthoritativeNameServerList#add` method accepts any NS record from the AUTHORITY section as long as the record's name is a suffix of the questionName. Subsequently, the `handleWithAdditional` method caches the associated A records from the ADDITIONAL section directly into the `authoritativeDnsServerCache` under the parent domain's key. This bypasses standard bailiwick rules, where a server authoritative for a subdomain should not be trusted to provide authoritative records for its parent. The poisoned cache is then used for all future resolutions under the parent domain's key. Versions 4.1.135.Final and 4.2.15.Final patch the issue.
Severe if exploited (CVSS 8.7), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.3%chance of exploitation in 30 days · 20th percentile
Impact if exploited
8.7CVSS 3.1 · HIGH
- ConfidentialityHigh
- IntegrityHigh
- AvailabilityNone
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ✓Privileges: No account or privileges required
- ✓User interaction: No user interaction needed
- ⚠Complexity: Needs a race window or specific setup
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Products Netty Red Hat Build Of Apache Camel 3.33 For Quarkus 3.33.2.Sp1 Red Hat Build Of Quarkus 3.27.4.Sp1 Red Hat Build Of Quarkus 3.33.2.Sp1 Cryostat 4 Openshift Serverless Red Hat Build Of Apache Camel Hawtio 4 Red Hat Build Of Apache Camel 4 For Quarkus 3
Weakness (CWE)
- CWE-345
- CWE-346
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
References
Advisories
Technical & other
- https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85
- https://github.com/netty/netty/releases/tag/netty-4.1.135.Final
- https://github.com/netty/netty/releases/tag/netty-4.2.15.Final
- https://access.redhat.com/security/cve/CVE-2026-47691
- https://bugzilla.redhat.com/show_bug.cgi?id=2488439
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47691.json