Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Netty HTTP Library Allows Arbitrary Code Execution
ROOT-APP-MAVEN-CVE-2026-33870
Summary
A security patch has been released for the Netty HTTP library, which allows attackers to execute arbitrary code on your system. This affects users who use the library in their applications. To stay secure, update to the latest version of the library as soon as possible.
What to do
- Update io.root.io.netty:netty-codec-http to version 4.1.118.Final-root.io.11.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | io.root.io.netty:netty-codec-http | <= 4.1.118.Final-root.io.11 | 4.1.118.Final-root.io.11 |
Original title
CVE-2026-33870 in io.root.io.netty:netty-codec-http - Patched by Root
Original description
Root has patched CVE-2026-33870 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026