{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-48059/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-12T16:19:45.689Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-48059","@id":"https://www.cve.org/CVERecord?id=CVE-2026-48059","description":"Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested `PP2_TYPE_SSL` TLVs (type-length-value records) at depth two or greater. The leak occurs on the successful parse path — no exception is thrown, the message fires downstream, the decoder removes itself"},"products":[{"@id":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-12T16:19:45.689Z"}]}