CVE-2026-44249 — Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

描述

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass the restrictions. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

如何修補 CVE-2026-44249

要修補 CVE-2026-44249,請將受影響套件升級到下列已修補版本。

Debian/netty—未列出修補版本
—升級至 4.2.15.Final 或更新版本

CVE-2026-44249 正在被利用嗎?

目前沒有被利用訊號。CVE-2026-44249 既不在 CISA KEV 也沒有最新的 EPSS 分數。

受影響套件(2)

from 0
>= 4.2.0.Final, < 4.2.15.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-44249
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2026-44249
PATCHgithub.com/netty/netty
WEBgithub.com/netty/netty/releases/tag/netty-4.1.135.Final
WEB