{"vulnerability": "CVE-2026-50011", "sightings": [{"uuid": "785fb65f-11a0-44d2-a687-abdddc04b003", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mo7v26kzmj2v", "content": "\ud83d\udfe0 CVE-2026-50011 - High (7.5)\n\nNetty is a network application framework for development of protocol servers and clients. Prior t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50011/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-14T04:00:33.442224Z"}, {"uuid": "ef426281-73c9-432f-8a7c-54abee137324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50011", "type": "seen", "source": "https://gist.github.com/alon710/6e083e538662dc872931a903f1bab93e", "content": "# CVE-2026-50011: CVE-2026-50011: Unbounded Resource Pre-Allocation in Netty Redis Codec\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-15\n> **Full Report:** https://cvereports.com/reports/CVE-2026-50011\n\n## Summary\nAn uncontrolled resource pre-allocation flaw in the Netty Redis codec module allows remote unauthenticated attackers to cause a denial of service (OutOfMemoryError) by sending a crafted Redis Serialization Protocol (RESP) array header.\n\n## TL;DR\nRemote, unauthenticated attackers can crash Netty-based Redis servers by sending a 13-byte RESP array header containing a large declared array length, triggering an immediate OutOfMemoryError.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-770\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Base Score**: 7.5 (High)\n- **Exploit Maturity**: Proof of Concept\n- **Impact Category**: Availability (Denial of Service)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- io.netty:netty-codec-redis\n- **netty-codec-redis**: < 4.1.135.Final (Fixed in: `4.1.135.Final`)\n- **netty-codec-redis**: >= 4.2.0.Final, < 4.2.15.Final (Fixed in: `4.2.15.Final`)\n\n## Mitigation\n\n- Upgrade Netty library dependencies to the patched versions.\n- Deploy a custom Netty pipeline validation handler to drop connections presenting excessive array headers.\n\n**Remediation Steps:**\n1. Open the build configuration file (e.g., pom.xml or build.gradle) of the affected project.\n2. Identify the 'io.netty:netty-codec-redis' dependency.\n3. Update the version definition to '4.1.135.Final' or '4.2.15.Final' depending on the current active release branch.\n4. Rebuild the application and verify that transitively resolved Netty core dependencies are aligned.\n5. Deploy the updated binaries to production environments.\n\n## References\n\n- [GitHub Security Advisory GHSA-5w86-c3rq-vjj7](https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7)\n- [Netty 4.1.135.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.1.135.Final)\n- [Netty 4.2.15.Final Release Notes](https://github.com/netty/netty/releases/tag/netty-4.2.15.Final)\n- [NVD CVE-2026-50011 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50011)\n- [CVE.org Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50011)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T23:11:08.000000Z"}]}