Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-13T17:54:44 netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CWE-444

A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.

This is an Important flaw. Netty's HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers. Cryostat 4 Under investigation netty-codec-http OpenShift Serverless Under investigation openshift-serverless-1/kn-ekb-dispatcher-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-ekb-receiver-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9 Red Hat AMQ Broker 7 Under investigation netty-codec-http Red Hat AMQ Clients Under investigation netty-codec-http Red Hat build of Apache Camel 4 for Quarkus 3 Under investigation netty-codec-http Red Hat build of Apache Camel for Spring Boot 4 Under investigation netty-codec-http Red Hat build of Apicurio Registry 2 Under investigation netty-codec-http Red Hat build of Apicurio Registry 3 Under investigation netty-codec-http Red Hat build of Debezium 3 Under investigation netty-codec-http Red Hat Build of Keycloak Under investigation netty-codec-http Red Hat Build of Keycloak Under investigation rhbk/keycloak-rhel9 Red Hat Build of Keycloak Under investigation rhbk/keycloak-rhel9-operator Red Hat Build of Keycloak Under investigation rhbk-openshift-rhel9/rhbk-openshift-rhel9 Red Hat Build of Keycloak Under investigation rhbk-rhel9-operator/rhbk-rhel9-operator Red Hat build of OptaPlanner 8 Under investigation netty-codec-http Red Hat build of Quarkus Under investigation netty-codec-http Red Hat Data Grid 8 Under investigation netty-codec-http Red Hat Enterprise Linux AI (RHEL AI) 3 Under investigation bazel6 Red Hat Enterprise Linux AI (RHEL AI) 3 Under investigation bazel7 Red Hat Enterprise Linux AI (RHEL AI) 3 Under investigation bazel8 Red Hat Fuse 7 Under investigation netty-codec-http Red Hat JBoss Enterprise Application Platform 7 Under investigation netty-codec-http Red Hat JBoss Enterprise Application Platform 8 Under investigation netty-codec-http Red Hat JBoss Enterprise Application Platform Expansion Pack Under investigation netty-codec-http Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-modelmesh-rhel8 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-modelmesh-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-spark-operator-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cpu-torch210-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cpu-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cuda130-torch210-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-cuda130-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-th06-rocm64-torch291-py312-rhel9 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-trustyai-service-rhel8 Red Hat OpenShift AI (RHOAI) Under investigation rhoai/odh-trustyai-service-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/multicluster-redirector-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/openvsx-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/pluginregistry-rhel9 Red Hat OpenShift Dev Spaces Under investigation devspaces/server-rhel9 Red Hat Process Automation 7 Under investigation netty-codec-http Red Hat Satellite 6 Under investigation candlepin Red Hat Satellite 6 Under investigation satellite:el8/candlepin Red Hat Single Sign-On 7 Under investigation netty-codec-http streams for Apache Kafka 2 Not affected netty-codec-http streams for Apache Kafka 3 Under investigation netty-codec-http https://www.cve.org/CVERecord?id=CVE-2026-42581 https://nvd.nist.gov/vuln/detail/CVE-2026-42581 https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9