Main Vulnerability Database Exploits ID:12518 - Exploit for Inconsistent interpretation of HTTP requests in Netty - CVE-2026-33870

ID:12518 - Exploit for Inconsistent interpretation of HTTP requests in Netty - CVE-2026-33870

Published: March 25, 2026

Vulnerability identifier: #VU124422

Vulnerability risk: Medium

CVE-ID: CVE-2026-33870

CWE-ID: CWE-444

Exploitation vector: Remote access

Vulnerable software:
Netty

Link to public exploit:

https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8/#poc

Vulnerability description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests within chunked transfer encoding extension values. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Remediation

Install updates from vendor's website.

ID:12518 - Exploit for Inconsistent interpretation of HTTP requests in Netty - CVE-2026-33870

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human