SB2026061239 - IBM App Connect for Manufacturing update for Netty

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026061239

SB2026061239 - IBM App Connect for Manufacturing update for Netty

Published: June 12, 2026

Security Bulletin ID SB2026061239
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) CRLF injection (CVE-ID: CVE-2026-41417)

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject additional HTTP or RTSP requests.

The vulnerability exists due to improper neutralization of CRLF sequences in DefaultHttpRequest.setUri() and DefaultFullHttpRequest.setUri() when encoding attacker-controlled URIs into request lines through HttpRequestEncoder or RtspEncoder. A remote attacker can supply a specially crafted URI containing CRLF sequences to inject additional HTTP or RTSP requests.

Exploitation requires an application to create the request object first, later modify it through setUri(), and then serialize it with HttpRequestEncoder or RtspEncoder.


Remediation

Install update from vendor's website.

References