HIGH7.5CVE-2026-44890Netty has Unbounded Direct Memory Consumption in its RedisDecoder >= 4.2.0.Final, < 4.2.15.Final
HIGH7.5CVE-2026-44250Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays >= 4.2.0.Final, < 4.2.15.Final
MEDIUM6.8CVE-2026-42586Netty Redis Codec Encoder has a CRLF Injection Issue >= 4.2.0.Alpha1, < 4.2.13.Final
—Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
>= 4.2.0.Final, < 4.2.15.Final