CVE-2026-45674 PUBLISHED

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Assigner: GitHub_M
Reserved: 12.05.2026 Published: 12.06.2026 Updated: 12.06.2026

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 8.7

Product Status

Vendor netty
Product netty
Versions
  • Version >= 4.2.0.Final, < 4.2.15.Final is affected
  • Version < 4.1.135.Final is affected

References

Problem Types

  • CWE-345: Insufficient Verification of Data Authenticity CWE