CVE-2026-42585

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-42585

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42585.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-42585

Aliases

GHSA-38f8-5428-x5cv

Downstream

CLEANSTART-2026-VJ37814

DEBIAN-CVE-2026-42585

MINI-2pwr-w2cr-mmx6

MINI-329j-rq8g-hfhf

MINI-35rx-rfc5-p448

MINI-38c4-cvq8-qxf7

MINI-3f85-v3px-6229

MINI-3v9c-4966-v258

MINI-3vqm-cv82-xrrf

MINI-45q3-whjp-72xc

MINI-4m9v-5cx7-w9xw

MINI-55fw-53pr-627f

MINI-5j7c-7rqg-82jm

MINI-6hvq-c7pp-36fr

MINI-6jwj-gw8w-4j4m

MINI-6m25-pvjj-ffpw

MINI-6r7j-2hg8-g3vw

MINI-6wwf-2467-pfgj

MINI-6x6v-2rh2-v445

MINI-754g-722h-xcjg

MINI-778x-wpj9-436p

MINI-7gcj-55p5-648x

MINI-86cm-2gr9-r3gm

MINI-86p3-653f-4mm7

MINI-8ch9-vf5f-gvw9

MINI-9f4c-27p8-cw6x

MINI-9rfx-2r68-qjvc

MINI-c3r2-ff98-6655

MINI-c7r5-p7vw-x7fq

MINI-c9gc-9xqg-6mvc

MINI-c9rp-j7rr-qfrg

MINI-ch25-ghq7-w783

MINI-ch46-pj44-fr37

MINI-cp3g-qcrp-w73w

MINI-cq5w-v252-pgmg

MINI-cq7x-hr3w-pgrm

MINI-cqpx-r5v2-ggwm

MINI-crv5-p8xf-j2q7

MINI-f4rq-6rq4-4frf

MINI-f6fj-gvmq-3r7w

MINI-fm6w-6j82-3xjg

MINI-g73j-8vr7-8v6x

MINI-g74c-8v4g-vg2x

MINI-h68w-88g5-6c27

MINI-h8hr-9448-p25f

MINI-h922-mxw3-cwmv

MINI-hw34-6964-w983

MINI-j7gc-7qx3-8wwm

MINI-jfh2-p63q-jwp6

MINI-jj38-r8c3-jxqh

MINI-m67q-jgh8-mx24

MINI-mq99-ch47-vgfc

MINI-p7hg-f43r-cx2x

MINI-ph9m-pmrp-jg27

MINI-pxx3-v887-jcr3

MINI-r2ch-vc5r-phpx

MINI-rh28-cp32-j889

MINI-rprg-6crx-mpqm

MINI-rv4m-vxv3-hmfq

MINI-v4mm-3928-xphj

MINI-vmc2-wfhh-4cfw

MINI-vxfr-p27c-9342

MINI-wp4c-ccv8-j8pv

MINI-wpv2-vq56-82m7

MINI-ww48-rcg6-7qvv

MINI-wwm8-f8wq-cx6q

MINI-x2h9-5q8p-7pr2

MINI-x5vr-3cg8-wwqm

MINI-xcph-7987-f839

MINI-xrm4-8ww9-mhw3

MINI-xrwr-w9wj-2v98

ROOT-APP-MAVEN-CVE-2026-42585

UBUNTU-CVE-2026-42585

openSUSE-SU-2026:10795-1

Related

Published

2026-05-13T18:12:39.586Z

Modified

2026-05-20T04:03:09.618685438Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

Details

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42585.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-444"
    ]
}

References

Affected packages

Git / github.com/netty/netty

Affected ranges

Type: GIT
Repo: https://github.com/netty/netty
Events: Introduced

5451fbb0effd8460f57013bb33aefeb953144ed9

Fixed

fb13125f135ab53203513ff603872a3abe84d38d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42585.json"