High severity 7.5 · GHSA Advisory · Published May 13, 2026 · Updated May 18, 2026
CVE-2026-42577
Description
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final up to, but not including, 4.2.13.Final, Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. This vulnerability is fixed in 4.2.13.Final.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.netty:netty-transport-native-epoll (Maven) | >= 4.2.0.Final, < 4.2.13.Final | 4.2.13.Final |
Affected products
- pkg:maven/io.netty/netty-transport-native-epoll (no CPE), range: >= 4.2.0.Final, < 4.2.13.Final
References
- github.com/netty/netty/commit/0ec3d97fab376e243d328ac95fbd288ba0f6e22d (nvd: Patch, WEB)
- github.com/netty/netty/pull/16689 (nvd: Issue Tracking, Patch, WEB)
- github.com/advisories/GHSA-rwm7-x88c-3g2p (ghsa: ADVISORY)
- github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p (nvd: Mitigation, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-42577 (ghsa: ADVISORY)