ByteOS Network

NVD Vulnerability Details :

CVE-2026-44249

Received

Source-security-advisories@github.com

Published At-11 Jun, 2026 | 22:16

Updated At-11 Jun, 2026 | 22:16

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	security-advisories@github.com
CWE-697	Primary	security-advisories@github.com

CWE ID: CWE-284

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-697

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/netty/netty/releases/tag/netty-4.1.135.Final	security-advisories@github.com	N/A
https://github.com/netty/netty/releases/tag/netty-4.2.15.Final	security-advisories@github.com	N/A
https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86	security-advisories@github.com	N/A