{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-33870","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-24T15:10:05.678Z","datePublished":"2026-03-27T19:54:15.586Z","dateUpdated":"2026-07-03T12:04:50.366Z"},"containers":{"cna":{"title":"Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing","problemTypes":[{"descriptions":[{"cweId":"CWE-444","lang":"en","description":"CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8","tags":["x_refsource_CONFIRM"],"url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"},{"name":"https://w4ke.info/2025/06/18/funky-chunks.html","tags":["x_refsource_MISC"],"url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"name":"https://w4ke.info/2025/10/29/funky-chunks-2.html","tags":["x_refsource_MISC"],"url":"https://w4ke.info/2025/10/29/funky-chunks-2.html"},{"name":"https://www.rfc-editor.org/rfc/rfc9110","tags":["x_refsource_MISC"],"url":"https://www.rfc-editor.org/rfc/rfc9110"}],"affected":[{"vendor":"netty","product":"netty","versions":[{"version":"< 4.1.132.Final","status":"affected"},{"version":">= 4.2.0.Alpha1, < 4.2.10.Final","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-03-27T19:54:15.586Z"},"descriptions":[{"lang":"en","value":"Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue."}],"source":{"advisory":"GHSA-pwqr-wmgm-9rr8","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-31T13:55:28.970197Z","id":"CVE-2026-33870","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-31T13:55:47.863Z"}},{"affected":[{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"defaultStatus":"affected","product":"Red Hat JBoss EAP 8.1 for RHEL 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:cryostat:4::el9"],"defaultStatus":"affected","product":"Cryostat 4 on RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","product":"Red Hat JBoss EAP 8.1 for RHEL 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_broker:7.12"],"defaultStatus":"affected","product":"Red Hat AMQ Broker 7.12.7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_broker:7.13"],"defaultStatus":"affected","product":"Red Hat AMQ Broker 7.13.5","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_broker:7.14"],"defaultStatus":"affected","product":"Red Hat AMQ Broker 7.14.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"],"defaultStatus":"affected","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"affected","product":"Red Hat Data Grid 8.6.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"defaultStatus":"affected","product":"Red Hat JBoss Enterprise Application Platform 8.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift AI 2.25","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.27","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quarkus:3.20::el8"],"defaultStatus":"affected","product":"Red Hat build of Quarkus 3.20.6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quarkus:3.27::el8"],"defaultStatus":"affected","product":"Red Hat build of Quarkus 3.27.3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:2.9::el9"],"defaultStatus":"affected","product":"Streams for Apache Kafka 2.9.4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3.2::el9"],"defaultStatus":"affected","product":"Streams for Apache Kafka 3.2.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:logging:5"],"defaultStatus":"affected","product":"Logging Subsystem for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"affected","product":"OpenShift Serverless","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_clients:2023"],"defaultStatus":"affected","product":"Red Hat AMQ Clients","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel - HawtIO 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:camel_quarkus:3"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel 4 for Quarkus 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_registry:2"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apicurio_registry:3"],"defaultStatus":"affected","product":"Red Hat build of Apicurio Registry 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:debezium:3"],"defaultStatus":"affected","product":"Red Hat build of Debezium 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"affected","product":"Red Hat Build of Keycloak","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:optaplanner:::el6"],"defaultStatus":"affected","product":"Red Hat build of OptaPlanner 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"],"defaultStatus":"affected","product":"Red Hat JBoss Enterprise Application Platform 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"affected","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"affected","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:satellite:6"],"defaultStatus":"unaffected","product":"Red Hat Satellite 6","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_streams:3"],"defaultStatus":"unaffected","product":"streams for Apache Kafka 3","vendor":"Red Hat"}],"datePublic":"2026-03-27T19:54:15.586Z","descriptions":[{"lang":"en","value":"A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-444","description":"Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-33870"},{"name":"RHBZ#2452453","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452453"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33870.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:18054"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17789"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:18055"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14276"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:14272"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8509"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8159"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:18059"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17668"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7109"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7380"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:34608"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:13571"}],"solutions":[{"lang":"en","value":"RHSA-2026:18054: Red Hat JBoss EAP 8.1 for RHEL 8"},{"lang":"en","value":"RHSA-2026:17789: Cryostat 4 on RHEL 9"},{"lang":"en","value":"RHSA-2026:18055: Red Hat JBoss EAP 8.1 for RHEL 9"},{"lang":"en","value":"RHSA-2026:14276: Red Hat AMQ Broker 7.12.7"},{"lang":"en","value":"RHSA-2026:14272: Red Hat AMQ Broker 7.13.5"},{"lang":"en","value":"RHSA-2026:8509: Red Hat AMQ Broker 7.14.0"},{"lang":"en","value":"RHSA-2026:8159: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"},{"lang":"en","value":"RHSA-2026:22619: Red Hat Data Grid 8.6.1"},{"lang":"en","value":"RHSA-2026:18059: Red Hat JBoss Enterprise Application Platform 8.1"},{"lang":"en","value":"RHSA-2026:10184: Red Hat OpenShift AI 2.25"},{"lang":"en","value":"RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"},{"lang":"en","value":"RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14"},{"lang":"en","value":"RHSA-2026:7109: Red Hat build of Quarkus 3.20.6"},{"lang":"en","value":"RHSA-2026:7380: Red Hat build of Quarkus 3.27.3"},{"lang":"en","value":"RHSA-2026:34608: Streams for Apache Kafka 2.9.4"},{"lang":"en","value":"RHSA-2026:13571: Streams for Apache Kafka 3.2.0"}],"timeline":[{"lang":"en","time":"2026-03-27T21:01:59.865Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-27T19:54:15.586Z","value":"Made public."}],"title":"io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-03T12:04:50.366Z"}}]}}