Netty HTTP2 Server Vulnerability: Authentication Bypass

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Netty HTTP2 Server Vulnerability: Authentication Bypass

ROOT-APP-MAVEN-CVE-2025-55163

Summary

A security issue in the Netty HTTP2 server can allow attackers to bypass authentication. This affects users who use the Netty library in their applications. It's recommended to update to a patched version to prevent potential security risks.

What to do

Update io.root.io.netty:netty-codec-http2 to version 4.1.118.Final-root.io.11.

Affected software

Vendor	Product	Affected versions	Fix available
–	io.root.io.netty:netty-codec-http2	<= 4.1.118.Final-root.io.11	4.1.118.Final-root.io.11

Original title

CVE-2025-55163 in io.root.io.netty:netty-codec-http2 - Patched by Root

Original description

Root has patched CVE-2025-55163 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available.

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026