HIGH
Netty
CVE published 2026-05-13
CVE-2026-42584
CVE-2026-42584 is a Netty HTTP client desynchronization issue affecting versions before 4.1.133.Final and 4.2.13.Final. In the vulnerable flow, HttpClientCodec can pair inbound responses to outbound requests incorrectly when pipelined requests include a GET followed by a HEAD and the server sends a 103 interim response, then a 200 for the GET body, then a 200 for the HEAD. The mismatch can cause the HEAD [truncated]