Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Netty HTTP2 library contains a security risk, patched
ROOT-APP-MAVEN-CVE-2026-33871
Summary
The Netty HTTP2 library has a security vulnerability that could allow an attacker to execute malicious code. This affects users who rely on the Netty library for HTTP2 functionality. To fix the issue, update to a patched version of the library.
What to do
- Update io.root.io.netty:netty-codec-http2 to version 4.1.118.Final-root.io.11.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | io.root.io.netty:netty-codec-http2 | <= 4.1.118.Final-root.io.11 | 4.1.118.Final-root.io.11 |
Original title
CVE-2026-33871 in io.root.io.netty:netty-codec-http2 - Patched by Root
Original description
Root has patched CVE-2026-33871 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026