CVE-2026-33870 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: March 30, 2026
Netty - HTTP Request Smuggling
Overview
Netty < 4.1.132.Final and < 4.2.10.Final contains an HTTP request smuggling vulnerability caused by incorrect parsing of quoted strings in HTTP/1.1 chunked transfer encoding extension values, letting remote attackers perform request smuggling, exploit requires crafted HTTP requests.
Severity & Score
Impact
Attackers can perform HTTP request smuggling, potentially bypassing security controls and interfering with web traffic.
Mitigation
Upgrade to versions 4.1.132.Final or 4.2.10.Final or later.
References
Social Media Activity(2 posts)
š CVE-2026-33870 - High (7.5) Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a... š https://www.thehackerwire.com/vulnerability/CVE-2026-33870/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš CVE-2026-33870 - High (7.5) Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling a... š https://www.thehackerwire.com/vulnerability/CVE-2026-33870/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33870
- Severity
- High
- CVSS Score
- 7.5
- Type
- http_request_smuggling
- Status
- confirmed
- EPSS
- 2.9%
- Social Posts
- 2
CWE
- CWE-444
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N