io.netty:netty-codec-redis
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.netty:netty-codec-redispage 1 of 1
- CVE-2026-42586MEDIUMCVSS 6.8EG 6.8✓ Fixed in 4.1.133.Final2026-05-13
vulnerable: 4.1.0.Final ... 4.1.99.Final (133 versions)
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without…
- CVE-2026-44250HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-08
vulnerable: 4.1.0.Final ... 4.1.99.Final (135 versions)
Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply neste…
- CVE-2026-44890HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-08
vulnerable: 4.1.0.Final ... 4.1.99.Final (135 versions)
Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple co…
- CVE-2026-48006HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-11
vulnerable: 4.1.0.Final ... 4.1.99.Final (135 versions)
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeli…
- CVE-2026-50011HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.135.Final2026-06-12
vulnerable: 4.1.0.Final ... 4.1.99.Final (135 versions)
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element …
Check whether io.netty:netty-codec-redis is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.netty:netty-codec-redis CVEs against the assets you own.
Start Free Scan →