CVE-2026-42577
Published: 13 May 2026
Summary
CVE-2026-42577 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 11.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.
NVD Description
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and,…
more
in some code paths, a 100% CPU busy-loop in the event loop thread. This vulnerability is fixed in 4.2.13.Final.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)