io.netty:netty-codec-http3 (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.netty:netty-codec-http3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-42582 — CVSS 7.5 (high): Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman…
CVE-2026-44892 — CVSS 7.5 (high): Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default…
CVE-2026-48748 — CVSS 7.5 (high): Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory…