CVE-2026-42586 - Netty Redis Codec Encoder has a CRLF Injection Issue
GHSA-rgrr-p7gp-5xj7 MEDIUM maven/io.netty:netty-codec-redis
CVE: CVE-2026-42586
Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder
1. Vulnerability Summary
| Field | Value |
| --- | --- |
| **Product** | Netty |
| **Version** | 4.2.12.Final (and all prior versions with codec-redis) |
| **Component** | `io.netty.handler.codec.redis.RedisEncoder` |
| **Vulnerability Type** | CWE-93: Improper Neutralization of CRLF Sequences (CRLF Injection) |
| **Impact** | Redis Command Injection / Response Poisoning |
| **Attack Vector** | Network |
| **Attack Complexity** | Low |
| **Privileges Required** | None |
| **User Interaction** | None |
| **Scope** | Unchanged |
| **Confidentiality Impact** | High |
| **Integrity Impact** | High |
| **Availability Impact** | None |
2. Affected Components
The following classes in the codec-redis module are affected:
- `io.netty.handler.codec.redis.RedisEncoder` (encoder - no output validation)
- `io.netty.handler.codec.redis.InlineCommandRedisMessage` (no input validation)
- `io.netty.handler.codec.redis.SimpleStringRedisMessage` (no input validation)
- `io.netty.handler.codec.redis.ErrorRedisMessage` (no input validation)
- `io.netty.handler.codec.redis.AbstractStringRedisMessage` (base class - no validation)
3. Vulnerability Description
The Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\r\n) characters. Since the Redis Serialization Protocol (RESP) uses CRLF as the command/response delimiter, an attacker who can control the content of a Redis message can inject arbitrary Redis commands or forge fake responses.
Root Cause
In `RedisEncoder.java`, the `writeString()` method (lines 103-111) writes the content using `ByteBufUtil.writeUtf8()` without any validation:

```java
private static void writeString(ByteBufAllocator allocator, RedisMessageType type,
                                String content, List<Object> out) {
    ByteBuf buf = allocator.ioBuffer(ty
```
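To make the framing problem concrete, the following is an added example written for this page; it is not Netty's code and uses Python rather than Java so the behaviour can be exercised stand-alone. It mirrors the pattern of `writeString()` (type prefix, raw UTF-8 content, CRLF) for the three line-framed message kinds named above, shows how a receiver splitting on CRLF turns one unvalidated message into two frames, and places the missing check beside it. All function names (`encode_unchecked`, `encode_checked`, `split_frames`, `frames_produced`) and the sample values are constructed for the example.

```python
# Added example (not Netty's code): RESP line framing and the missing CR/LF check.
from typing import List

CRLF = b"\r\n"

# Line-framed RESP types from the advisory: inline commands carry no type byte,
# simple strings use '+', errors use '-'. All of them end at the next CRLF.
TYPE_INLINE = b""
TYPE_SIMPLE_STRING = b"+"
TYPE_ERROR = b"-"


def encode_unchecked(type_prefix: bytes, content: str) -> bytes:
    """Vulnerable pattern: prefix + raw UTF-8 content + CRLF, no validation.

    This is the shape of the writeString() path described in the advisory:
    whatever is in `content` reaches the wire, delimiter bytes included."""
    return type_prefix + content.encode("utf-8") + CRLF


def encode_checked(type_prefix: bytes, content: str) -> bytes:
    """Hardened pattern: refuse content that contains the frame delimiter.

    RESP line-framed payloads cannot legitimately contain CR or LF, so
    rejecting them here is a correctness rule, not a heuristic."""
    if "\r" in content or "\n" in content:
        raise ValueError("RESP line-framed content must not contain CR or LF")
    return type_prefix + content.encode("utf-8") + CRLF


def split_frames(wire: bytes) -> List[bytes]:
    """Split a byte stream on CRLF the way a RESP peer does.

    The trailing empty element produced by the final CRLF is dropped so the
    result is exactly the list of frames the peer would parse."""
    frames = wire.split(CRLF)
    if frames and frames[-1] == b"":
        frames.pop()
    return frames


def frames_produced(content: str, type_prefix: bytes = TYPE_SIMPLE_STRING) -> int:
    """How many frames a peer sees for ONE logical message encoded without checks."""
    return len(split_frames(encode_unchecked(type_prefix, content)))


if __name__ == "__main__":
    benign = "OK"
    # Constructed attacker-influenced value: a CRLF followed by a forged error reply.
    poisoned = "OK\r\n-ERR forged"

    print(frames_produced(benign))    # 1
    print(frames_produced(poisoned))  # 2: the second frame is parsed as its own reply
    print(split_frames(encode_unchecked(TYPE_SIMPLE_STRING, poisoned)))

    # The checked encoder stops the same value before it is framed.
    try:
        encode_checked(TYPE_SIMPLE_STRING, poisoned)
    except ValueError as exc:
        print("rejected:", exc)
```

The check belongs at the encoding boundary (or in the message constructors listed under affected components) rather than in application code, because every caller that builds a `SimpleStringRedisMessage`, `ErrorRedisMessage` or `InlineCommandRedisMessage` from external data would otherwise have to remember it. A detection-side equivalent is to count CRLF-delimited frames per logical message on the wire, as `frames_produced` does: more than one per message means the delimiter was injected.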
📌 Source: GitHub-Advisory | 🆔 CVE-2026-42586 | 📅 2026-05-07