VYPR
High severity7.5GHSA Advisory· Published May 13, 2026· Updated May 18, 2026

CVE-2026-42577

CVE-2026-42577

Description

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. This vulnerability is fixed in 4.2.13.Final.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.netty:netty-transport-native-epollMaven
>= 4.2.0.Final, < 4.2.13.Final4.2.13.Final

Affected products

186

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.