VYPR

Maven package

io.netty/netty-codec-mqtt

pkg:maven/io.netty/netty-codec-mqtt

Vulnerabilities (1)

  • CVE-2026-44248MedMay 13, 2026
    affected >= 4.2.0.Alpha1, < 4.2.13.Finalfixed 4.2.13.Final

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is