PatchSiren cyber security CVE debrief
CVE-2026-45674 netty CVE debrief
CVE-2026-45674 is a HIGH severity vulnerability in Netty's DnsResolveContext. The vulnerability fails to validate the origin (bailiwick) of CNAME records in DNS responses, potentially allowing for DNS response spoofing. This issue was patched in Netty versions 4.1.135.Final and 4.2.15.Final.
- Vendor
- netty
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Netty versions prior to 4.1.135.Final and 4.2.15.Final should update to a patched version to mitigate this vulnerability.
Technical summary
Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. This could allow an attacker to manipulate DNS responses, potentially leading to security issues such as DNS spoofing.
Defensive priority
HIGH
Recommended defensive actions
- Update to Netty version 4.1.135.Final or 4.2.15.Final or later.
- Review DNS response validation in your application to ensure it is properly handling CNAME records.
Evidence notes
The CVSS score for this vulnerability is 8.7, indicating a HIGH severity. The vulnerability was published on 2026-06-12T15:16:27.550Z and last modified on 2026-06-12T15:55:06.377Z.
Official resources
CVE-2026-45674 was published on 2026-06-12T15:16:27.550Z and last modified on 2026-06-12T15:55:06.377Z.