Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

AI Analysis

DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Basic Information

ID CVE-2026-45674

Source GitHub_M

Published Jun 12, 2026 at 14:17

Modified Jun 12, 2026 at 15:03

Affected Product

Vendor netty

Product netty

Version >= 4.2.0.Final, < 4.2.15.Final

Affected Versions netty netty >= 4.2.0.Final, < 4.2.15.Final
netty netty < 4.1.135.Final

CWE Classification

CWE-345

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor The Netty Project

Product Netty

Version 4.1.0.Final to 4.1.134.Final, 4.2.0.Final to 4.2.14.Final

References

{
    "lastseen": "",
    "description": "Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.",
    "published": "2026-06-12T14:17:50.203Z",
    "modified": "2026-06-12T15:03:49.419Z",
    "type": "cve",
    "title": "Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records",
    "source": "GitHub_M",
    "references": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc\nhttps://github.com/netty/netty/releases/tag/netty-4.1.135.Final\nhttps://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
    "id": "CVE-2026-45674",
    "bulletinFamily": "",
    "cwe": [
        "CWE-345"
    ],
    "cvelist": null,
    "sourceData": "netty netty >= 4.2.0.Final, < 4.2.15.Final\nnetty netty < 4.1.135.Final",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "netty",
    "version": ">= 4.2.0.Final, < 4.2.15.Final",
    "vendor": "netty",
    "ai_description": "DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records",
    "ai_severity": "High",
    "ai_vendor": "The Netty Project",
    "ai_product": "Netty",
    "ai_version": "4.1.0.Final to 4.1.134.Final, 4.2.0.Final to 4.2.14.Final",
    "ai_score": 8.7
}

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records_CVE-2026-45674