CVE-2026-45673
Analyzed - Analysis Complete

DNS Cache Poisoning in Netty Framework

Publication date: 2026-06-12

Last updated on: 2026-06-15

Assigner: GitHub, Inc.

Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Meta Information

Published: 2026-06-12
Last Modified: 2026-06-15
Generated: 2026-07-02
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-07-01

Affected Vendors & Products

Showing 2 associated CPEs

Vendor | Product | Version / Range
netty | netty | Up to 4.1.135 (exc)
netty | netty | From 4.2.0 (inc) to 4.2.15 (exc)

Exploitability

CWE

CWE ID | Description
CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required.

Executive Summary

CVE-2026-45673 is a vulnerability in the Netty network application framework's DNS resolver. Prior to versions 4.1.135.Final and 4.2.15.Final, the DNS resolver used a predictable pseudo-random number generator (PRNG) to generate DNS transaction IDs and defaulted to a static UDP source port. This combination reduces the randomness (entropy) of DNS queries.

Because of this reduced entropy, attackers can predict DNS query sequences and exploit this to perform DNS Cache Poisoning attacks, such as the Kaminsky attack. This allows attackers to spoof DNS responses and redirect users to malicious servers.

Impact Analysis

This vulnerability can allow attackers to manipulate DNS responses by performing DNS Cache Poisoning. As a result, users or systems relying on the affected Netty DNS resolver may be redirected to malicious websites or servers controlled by attackers.

Such redirection can lead to phishing, malware distribution, data interception, or disruption of network services, impacting the integrity of network communications.

Detection Guidance

This vulnerability involves predictable DNS transaction IDs and static UDP source ports in Netty's DNS resolver, which can be detected by analyzing DNS query patterns and source ports used by the application.

To detect this on your system, you can monitor DNS traffic generated by Netty-based applications and check if the DNS transaction IDs are predictable or if the UDP source port remains static across queries.

  • Use packet capture tools like tcpdump or Wireshark to capture DNS traffic from the affected system.
  • Example tcpdump command to capture DNS queries: tcpdump -i <interface> udp port 53 -w dns_traffic.pcap
  • Analyze the captured traffic in Wireshark to observe DNS transaction IDs and source ports for randomness.
  • Look for repeated or sequential DNS transaction IDs and static UDP source ports, which indicate the vulnerability.
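
The check described in the list above can be scripted. The following is an added example, not code from the Netty project or this report; it assumes the source port and transaction ID of each query have been exported from the capture as tab-separated text (for instance with tshark, as shown in the comment), and the function names, thresholds and sample rows are constructed for illustration. A clean result only means no obvious pattern was seen: predictability of a PRNG is not visible from simple statistics, so the static source port is the more reliable signal.

```python
import hashlib
import math
from collections import Counter

# Input format (assumed): one query per line, "udp.srcport<TAB>dns.id", e.g. from
#   tshark -r dns_traffic.pcap -Y "dns.flags.response == 0" -T fields -e udp.srcport -e dns.id

def parse_fields(text):
    """Return [(src_port, txid)]; lines that do not parse are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split("\t")
        try:
            if len(parts) == 2:
                rows.append((int(parts[0]), int(parts[1], 0)))  # dns.id prints as 0x....
        except ValueError:
            continue
    return rows

def shannon_bits(values):
    """Empirical Shannon entropy of the observed values, in bits."""
    n = len(values)
    return sum(c / n * math.log2(n / c) for c in Counter(values).values())

def assess(rows, min_queries=20):
    """Flag a fixed source port and constant-step transaction IDs."""
    if len(rows) < min_queries:
        return {"verdict": "insufficient-data", "queries": len(rows), "findings": []}
    ports = [p for p, _ in rows]
    ids = [t for _, t in rows]
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    findings = []
    if Counter(ports).most_common(1)[0][1] / len(ports) >= 0.9:
        findings.append("static-source-port")
    if Counter(deltas).most_common(1)[0][1] / len(deltas) >= 0.5:
        findings.append("constant-step-txid")
    return {"verdict": "weak-entropy" if findings else "no-obvious-pattern",
            "queries": len(rows), "findings": findings,
            "port_entropy_bits": round(shannon_bits(ports), 2)}

def demo_row(i):
    """Constructed 'well-spread' row: port and ID derived from a hash of i."""
    d = hashlib.sha256(bytes([i])).digest()
    return f"{1024 + int.from_bytes(d[:2], 'big') % 64000}\t0x{int.from_bytes(d[2:4], 'big'):04x}"

# Constructed samples, not captured traffic.
SAMPLE_STATIC = "\n".join(f"53124\t0x{(0x1a00 + 7 * i) & 0xFFFF:04x}" for i in range(40))
SAMPLE_SPREAD = "\n".join(demo_row(i) for i in range(40))

if __name__ == "__main__":
    for name, sample in (("static", SAMPLE_STATIC), ("spread", SAMPLE_SPREAD)):
        print(name, assess(parse_fields(sample)))
```

Restrict the capture to the host running the Netty-based application before exporting, since queries from other resolvers on the same interface will dilute both measurements.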

Mitigation Strategies

The primary mitigation step is to upgrade Netty to a patched version where this vulnerability is fixed.

  • Upgrade to Netty version 4.1.135.Final or 4.2.15.Final or later, as these versions include fixes for the predictable DNS transaction ID and static UDP source port issues.

Until the upgrade can be applied, consider monitoring DNS traffic closely for suspicious activity and restrict network access to trusted sources to reduce the risk of DNS cache poisoning.

Compliance Impact

The vulnerability in Netty's DNS resolver allows DNS Cache Poisoning attacks, which can enable attackers to redirect users to malicious sites or disrupt network services by manipulating DNS responses.

Such attacks can compromise the integrity of network communications and potentially lead to unauthorized access or data interception.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, vulnerabilities that allow DNS cache poisoning and traffic redirection can increase risks related to data integrity and confidentiality, which are critical aspects of these regulations.

Therefore, organizations using vulnerable versions of Netty may face challenges in maintaining compliance with security requirements of common standards and regulations due to the increased risk of data manipulation or interception.
