CVE-2026-41207
HKDF Key Material Failure in Netty Incubator Codec.BHTTP
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netty | codec.bhttp | before 0.0.21.Final (excluded) |
| netty | netty_incubator_codec_ohttp | before 0.0.21.Final (excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in netty incubator codec.bhttp lies in its HPKE (Hybrid Public Key Encryption) implementation. Certain functions, such as HKDF_expand and EVP_HPKE_CTX_export, return non-NULL but invalid outputs on failure: byte arrays filled with zeros that a caller cannot distinguish from a genuine key derivation result.
These zero-filled byte arrays are then used as key material for AEAD encryption of the response. Because the failure is silent and produces a deterministic, attacker-predictable AEAD key, the encryption no longer provides confidentiality or integrity for that response.
The issue was fixed in version 0.0.21.Final by changing the HPKEContext methods to throw an exception on failure instead of returning invalid data, so that errors are surfaced to the caller and invalid keys are never used.
How can this vulnerability impact me?
When one of the affected cryptographic operations fails silently, the response is encrypted under an all-zero, deterministic AEAD key. An attacker who knows (or guesses) that the key is all zeros can decrypt captured responses or forge responses that pass AEAD authentication.
A predictable key therefore defeats both the confidentiality and the integrity guarantees of the encrypted channel, exposing sensitive response data and enabling message forgery.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the netty-incubator-codec-ohttp library to version 0.0.21.Final or later.
That version changes the HPKEContext implementations to signal failure by throwing an exception instead of returning a zero-filled byte array, which prevents attacker-predictable AEAD keys from ever reaching the cipher.
Make sure your own code handles CryptoException when calling HPKEContext methods such as export, extract, and expand, so that a failed derivation aborts the operation rather than being swallowed.
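The following added example (not code from the Netty project or from this advisory) models the failure pattern described in the explanation above and the exception-based handling recommended in the mitigation. It implements RFC 5869 HKDF with HMAC-SHA256, wraps HKDF-Expand once in the pre-fix style (a failed derivation silently yields a zero-filled buffer) and once in the fixed style (failure raises an exception), and shows a caller-side all-zero check as defence in depth. The failure trigger used here, an output length above the RFC limit of 255 * HashLen, is a stand-in for whatever native error the real library hit; the class name CryptoException and the function names are assumptions for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


class CryptoException(Exception):
    """Raised by the hardened wrapper when a KDF step fails (assumed name)."""


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM); empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand. Raises ValueError for inputs the RFC forbids
    (length > 255 * HashLen, or a PRK shorter than HashLen)."""
    if length > 255 * HASH_LEN or len(prk) < HASH_LEN:
        raise ValueError("invalid HKDF-Expand parameters")
    okm = b""
    t = b""  # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def expand_vulnerable(prk: bytes, info: bytes, length: int) -> bytes:
    """Models the pre-0.0.21.Final behaviour: a failed expand returns a
    non-null buffer that is all zeros, indistinguishable from real key material."""
    try:
        return hkdf_expand(prk, info, length)
    except ValueError:
        return bytes(length)  # silent failure: caller gets a predictable key


def expand_hardened(prk: bytes, info: bytes, length: int) -> bytes:
    """Models the fix: the failure is surfaced to the caller as an exception."""
    try:
        return hkdf_expand(prk, info, length)
    except ValueError as exc:
        raise CryptoException(f"HKDF-Expand failed: {exc}") from exc


def is_all_zero(key: bytes) -> bool:
    """True when every byte of the key is zero."""
    return not any(key)


def derive_aead_key(prk: bytes, info: bytes, key_len: int = 32) -> bytes:
    """Caller-side pattern: use the hardened wrapper and additionally refuse
    an all-zero key, so a future silent failure still cannot reach the cipher."""
    key = expand_hardened(prk, info, key_len)
    if is_all_zero(key):
        raise CryptoException("refusing all-zero AEAD key material")
    return key


if __name__ == "__main__":
    # Constructed sample inputs (not from the advisory).
    prk = hkdf_extract(b"salt", b"shared-secret")
    too_long = 255 * HASH_LEN + 1  # exceeds the RFC 5869 limit, so expand fails
    print("vulnerable:", expand_vulnerable(prk, b"aead key", too_long)[:8].hex())
    try:
        expand_hardened(prk, b"aead key", too_long)
    except CryptoException as err:
        print("hardened:", err)
    print("good key:", derive_aead_key(prk, b"aead key").hex())
```

The point to carry into your own callers: never let a key-derivation wrapper return a default-initialised buffer on error, and treat an all-zero key as a failure even if the library underneath is believed to be fixed.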
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Silent failures in the affected versions produce all-zero key material and therefore deterministic, attacker-predictable AEAD keys. This undermines the confidentiality and integrity of encrypted data, both of which are core requirements of regulations such as GDPR and HIPAA.
Because an attacker who predicts the key can read or alter protected data, the flaw could lead to unauthorized access or a reportable data breach, in violation of the data-protection obligations those regulations impose.
Systems running vulnerable versions of netty-incubator-codec-ohttp may therefore fail to meet the required security controls until they are upgraded to 0.0.21.Final or later.