TNCVE-2026-33870 — Vulnetix

TNCVE-2026-33870 PUBLISHED

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.

Timeline

Mar 27, 2026 CVE Published

References

Tenable: CVE-2026-33870 advisory

Open in Interactive Console →