CVE-2026-45673

medium Red Hat
CVSS v3 Base Score
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 92% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
High
Availability
None
Published: June 12, 2026 (27 days ago)
Last Modified: June 12, 2026
Vendor: Red Hat
Source: REDHAT

Description

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.

CWE

CWE-1241

Affected Products

Cryostat 4OpenShift ServerlessRed Hat build of Apache Camel 4 for Quarkus 3Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 3Red Hat build of Debezium 3Red Hat Build of KeycloakRed Hat build of QuarkusRed Hat Data Grid 8

References