CVEFinder.io

CVE-2026-45673

🔶 medium
🔍 Scan for this CVE
Summary

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

CVSS Score
6.8
Medium
EPSS Score
0.4
Exploit Probability
Published Date
2026-06-12
First Seen: 2026-06-13
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.8% of all 328,009 vulnerabilities in our database.

#167,835
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 12, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-15
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
CWE IDs (Weakness Types)
CWE-330 CWE-340

📦 Affected Products 2

Vendor Product Status Affected Versions
netty netty Affected
< 4.1.135
netty netty Affected
> 4.2.0 < 4.2.15

🔗 References 3

https://github.com/netty/netty/releases/tag/netty-4....
Release Notes
https://github.com/netty/netty/releases/tag/netty-4....
Release Notes
https://github.com/netty/netty/security/advisories/G...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-44892 ⚠️ high 7.5 0.5 Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final,... 2026-06-12
CVE-2026-44893 ⚠️ high 7.5 0.6 Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior t... 2026-06-12
CVE-2026-44894 ⚠️ high 7.5 0.2 Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the toke... 2026-06-12
CVE-2026-45416 ⚠️ high 7.5 0.6 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Fina... 2026-06-12
CVE-2026-45536 🔶 medium 4.0 0.2 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Fina... 2026-06-12
CVE-2026-45674 ⚠️ high 8.7 0.2 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Fina... 2026-06-12
These CVEs affect the same products