Maven package
io.netty/netty-codec-mqtt
pkg:maven/io.netty/netty-codec-mqtt
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44248 | Med | 5.3 | >= 4.2.0.Alpha1, < 4.2.13.Final | 4.2.13.Final | May 13, 2026 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is |
- affected >= 4.2.0.Alpha1, < 4.2.13.Finalfixed 4.2.13.Final
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is