Threat Advisory

Netty Codec Vulnerability Brings About Redis Network Interruptions

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

CVE-2026-48006, with a CVSS score of 8.7, is a vulnerability in the Netty framework, specifically in the netty-codec-redis package, where the RedisArrayAggregator handler fails to properly release pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregation operation completes. An attacker with network access to the affected system can exploit this vulnerability by repeatedly establishing and closing Redis connections. Successful exploitation causes a denial-of-service condition by continuously draining the JVM-wide direct-memory pool, leading to allocation failures across all Netty channels within the affected process. This can significantly impact system availability and reliability, particularly in environments that rely on Netty for network communication. Exploitation requires only the ability to establish and terminate Redis connections repeatedly until the shared memory pool is exhausted.
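To illustrate the failure mode described above, the following is an added example written for this advisory; it is not Netty's RedisArrayAggregator or any code from the Netty project. It uses a hypothetical aggregator handler (SafeFragmentAggregator) to show the release pattern reviewers should look for in any Netty aggregator (partial state released on channelInactive and handlerRemoved), and an operational check on the JVM-wide pooled direct memory that would reveal a slow drain before allocation failures appear.

```java
import io.netty.buffer.ByteBuf;
import io.netty.buffer.PooledByteBufAllocator;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.util.ReferenceCountUtil;
import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical aggregator (NOT Netty's RedisArrayAggregator) that collects
 * pooled ByteBuf fragments until a complete unit of `expected` parts is
 * available. The defensive point: fragments still held when the connection
 * closes must be released, or their pooled direct memory is never returned.
 */
public class SafeFragmentAggregator extends ChannelInboundHandlerAdapter {
    private final List<ByteBuf> pending = new ArrayList<>();
    private final int expected;

    public SafeFragmentAggregator(int expected) { this.expected = expected; }

    @Override
    public void channelRead(ChannelHandlerContext ctx, Object msg) {
        if (!(msg instanceof ByteBuf)) { ctx.fireChannelRead(msg); return; }
        pending.add((ByteBuf) msg);            // this handler now owns the reference
        if (pending.size() == expected) {
            List<ByteBuf> done = new ArrayList<>(pending);
            pending.clear();
            ctx.fireChannelRead(done);         // ownership passes downstream
        }
    }

    // Connection closed mid-aggregation: release what is still held.
    @Override
    public void channelInactive(ChannelHandlerContext ctx) {
        releasePending();
        ctx.fireChannelInactive();
    }

    // Pipeline torn down (e.g. handler replaced): same cleanup.
    @Override
    public void handlerRemoved(ChannelHandlerContext ctx) { releasePending(); }

    private void releasePending() {
        for (ByteBuf b : pending) ReferenceCountUtil.release(b);
        pending.clear();
    }

    // Operational check: sample the JVM-wide pooled direct memory. A value
    // that only climbs across many connection open/close cycles is the
    // signature of the leak class this advisory describes.
    public static long usedDirectMemory() {
        return PooledByteBufAllocator.DEFAULT.metric().usedDirectMemory();
    }
}
```

Exporting usedDirectMemory() to your metrics pipeline and alerting on monotonic growth under a steady connection churn rate gives an early warning independent of the specific codec involved.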


RECOMMENDATION:


REFERENCES:

The following reports contain further technical details:

https://github.com/advisories/GHSA-6jv9-x5w9-2ccm
