[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-44892":3,"news-by-cve-CVE-2026-44892-10":58},{"source_identifier":4,"nvd_cvss_score":5,"kev_ransomware_use":6,"attack_technique_count":7,"remediation_summary":8,"references_preview":9,"id":15,"state":16,"cvss_score":5,"nvd_cvss_vector":17,"description":18,"sectors":19,"tags":21,"attack_techniques":22,"has_exploit":6,"exploit_count":30,"has_nuclei_templates":6,"has_attack_graph":31,"affected_products_preview":32,"assigner_short_name":37,"cvss_vector":17,"cvss_source":38,"date_published":39,"date_updated":40,"nuclei_template_count":30,"attack_tactics":41,"sources":42,"cvss_version":43,"nvd_cvss_severity":44,"has_workaround":6,"affected_product_count":7,"weaknesses":45,"vendor_context":50,"has_ai_summary":6,"assigner_org":37,"cvss_severity":44,"in_kev":6,"has_solution":6,"reference_count":56,"title":57},"a0819718-46f1-4df5-94e2-005712e83aaa",7.5,false,1,{"has_patch":6,"has_workaround":6},[10,13],{"url":11,"source":12},"https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2","cvelist",{"url":14,"source":12},"https://github.com/netty/netty/releases/tag/netty-4.2.15.Final","CVE-2026-44892","PUBLISHED","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify `HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE`, the implementation defaults to an unbounded limit. This insecure default configuration allows a malicious client or server to send an enormous number of headers, leading to a memory exhaustion Denial of Service via an `OutOfMemoryError`. Version 4.2.15.Final contains a patch.",[20],"oss-libraries",[],[23],{"confidence":24,"technique_id":25,"technique_name":26,"tactic":27,"tactic_name":28,"url":29},"high","T1499","Endpoint Denial of Service","impact","Impact","https://attack.mitre.org/techniques/T1499/",0,true,[33],{"product":34,"sector":20,"subsector":35,"deployment":36,"vendor":34},"netty","generic-library","library","","nvd","2026-06-12T05:04:58Z","2026-06-12T05:16:32Z",[28],[12,38],"3.1","HIGH",[46,48],{"cwe_id":47,"name":37},"CWE-400",{"cwe_id":49,"name":37},"CWE-1188",[51],{"sector":20,"subsector":35,"vendor":34,"vendor_type":52,"aliases":53},"oss-project",[54,55],"io.netty:netty","netty-incubator-codec-ohttp",2,"Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size",{"cve_id":15,"items":59,"total":30},[]]