VULNRABLE / Vulnerability / CVE-2026-48040
CVE-2026-48040
MEDIUM io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl GHSA
CVSS Score
5.5
Severity
MEDIUM
EPSS
0%
Source
GHSA
Summary
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access
What this means
CVE-2026-48040 is a medium-severity vulnerability affecting io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl, rated CVSS 5.5. The EPSS model estimates a 0% probability of exploitation in the next 30 days. Published June 11, 2026.
View full advisory at GHSA →