CVE-2026-42580

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-42580

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42580.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-42580

Aliases

GHSA-m4cv-j2px-7723

Downstream

CLEANSTART-2026-VJ37814

DEBIAN-CVE-2026-42580

MINI-283x-rw7f-6r78

MINI-2h22-vp33-65g4

MINI-2qw8-f6p3-v3h6

MINI-368p-fq9v-h4vp

MINI-39xq-9fhq-j48f

MINI-3c87-vrrq-qrhg

MINI-3pc6-r8m7-7pwr

MINI-4g8h-xjp2-3j37

MINI-4j73-rr2g-3wcp

MINI-4m86-w967-c77j

MINI-557q-3xc7-h944

MINI-55p7-9m68-h6cg

MINI-5hp4-9hcm-c448

MINI-5r4j-367p-3crc

MINI-6487-qj3g-987m

MINI-69p4-hfvh-fgmf

MINI-7267-5gp7-p6vf

MINI-7hv8-pp6g-qwc8

MINI-7vr4-6qv4-fr37

MINI-85vc-4jmc-6jr9

MINI-86wq-4f5j-x4wp

MINI-888r-hc28-h8j7

MINI-89gr-q49v-mrvc

MINI-89wm-7w32-9fjg

MINI-8vxc-r9x7-gcmc

MINI-9c7p-w6j5-qrxx

MINI-cf6v-486m-p69q

MINI-cp28-3c8p-286p

MINI-crjm-c3x8-3558

MINI-f8mv-p5mq-2684

MINI-fq9v-xmcc-75f8

MINI-fr92-fpf7-v28p

MINI-g6cw-8xfh-5whm

MINI-gphq-hjg8-662m

MINI-grqf-fm8v-h2f3

MINI-hjq5-9524-54xp

MINI-hr2g-gwp3-2jqx

MINI-j837-rf8p-wf43

MINI-jfv5-2g4g-9vwp

MINI-m343-2rqw-fx28

MINI-m3fj-7v6v-7c56

MINI-m5v6-g22v-4xmh

MINI-m8r5-gjh7-q3qw

MINI-m9q9-mpwq-62r7

MINI-mj6p-hv9v-j6pm

MINI-mphh-82g3-7jxh

MINI-pgm9-22fg-r6g6

MINI-pw63-p2p3-25wc

MINI-q43h-7j4c-96vh

MINI-q99f-m776-vm3p

MINI-r49c-p857-5wgh

MINI-rf5j-mr32-mcwh

MINI-rgh9-55jm-cvj3

MINI-rpf7-f3q9-9rr5

MINI-rwf8-ch9x-j2gp

MINI-rxmh-674g-c73p

MINI-v769-pw9g-rm4x

MINI-vvfm-87rr-vcfc

MINI-vvgp-x7mj-w65q

MINI-w7c2-g53j-86x9

MINI-wwfh-ww53-42j4

MINI-wxrc-gxrw-p569

MINI-x3h6-g9xx-jpx9

MINI-x474-jwv7-c5cm

MINI-x54r-8r39-hg22

MINI-xjr5-fqrp-9wcg

MINI-xjw5-5v2r-xjwg

MINI-xm25-gwcg-pfc2

MINI-xw9v-465w-3rxf

ROOT-APP-MAVEN-CVE-2026-42580

UBUNTU-CVE-2026-42580

openSUSE-SU-2026:10795-1

Related

Published

2026-05-13T18:04:03.690Z

Modified

2026-05-20T04:03:09.618250716Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Netty: HTTP Request Smuggling due to incorrect chunk size parsing

Details

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42580.json",
    "cwe_ids": [
        "CWE-190",
        "CWE-444"
    ]
}

References

Affected packages

Git / github.com/netty/netty

Affected ranges

Type: GIT
Repo: https://github.com/netty/netty
Events: Introduced

5451fbb0effd8460f57013bb33aefeb953144ed9

Fixed

fb13125f135ab53203513ff603872a3abe84d38d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42580.json"