CVE-2026-45536

Medium

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to `char control[CMSG_SPACE(sizeof(int))]` (line 940) — 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has cmsg_len = CMSG_LEN(8) = 24, which fits exactly with no MSG_CTRUNC, so the kernel installs both fds in the receiving process. The subsequent check `cmsg->cmsg_len == CMSG_LEN(sizeof(int))` (line 972, expected 20) fails, the branch that would read the fd is skipped, and neither installed fd is closed. The for(;;) loop calls recvmsg again (non-blocking → EAGAIN → Java maps to 0 → read loop exits normally), leaving two leaked fds per message. There is no MSG_CTRUNC handling. Reachable via Epoll/KQueue DomainSocketChannel when the application opts into DomainSocketReadMode.FILE_DESCRIPTORS (non-default). Versions 4.1.135.Final and 4.2.15.Final patch the issue.
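The receive-side fix pattern the description implies, as an added C example (not Netty's code): the buffer stays sized for one fd, but the receiver walks every SCM_RIGHTS cmsg, honours MSG_CTRUNC, and closes every installed fd it does not hand back. The names `recv_fds` and `demo_two_fds_in_one_cmsg`, and the socketpair/pipe scenario, are constructed for this example; the 24-byte arithmetic assumes 64-bit Linux.

```c
#include <sys/socket.h>
#include <sys/uio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>

/* Receive up to `max` fds from `sock` using the one-fd control buffer of the vulnerable
 * code, but walk every SCM_RIGHTS cmsg and close every installed fd not handed back. */
int recv_fds(int sock, int *out, int max, int *dropped) {
    char data; struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    char control[CMSG_SPACE(sizeof(int))];          /* 24 bytes on 64-bit Linux */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = control, .msg_controllen = sizeof control };
    *dropped = 0;
    if (recvmsg(sock, &msg, 0) < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
    int truncated = (msg.msg_flags & MSG_CTRUNC) != 0, stored = 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        /* Count the ints actually present instead of requiring exactly one. */
        size_t nfds = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < nfds; i++) {
            int fd; memcpy(&fd, CMSG_DATA(c) + i * sizeof(int), sizeof fd);
            if (!truncated && stored < max) out[stored++] = fd;
            else { close(fd); (*dropped)++; }      /* never leave it installed */
        }
    }
    return truncated ? -1 : stored;                 /* -1: control data was truncated */
}

/* Constructed scenario from the advisory: two fds packed into ONE cmsg, so cmsg_len ==
 * CMSG_LEN(8) == 24 fills the buffer exactly without MSG_CTRUNC. Returns 1 if no fd leaked. */
int demo_two_fds_in_one_cmsg(void) {
    int sp[2], pf[2], kept, dropped;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || pipe(pf) < 0) return -1;
    char data = 'x', control[CMSG_SPACE(2 * sizeof(int))];
    struct iovec iov = { .iov_base = &data, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = control, .msg_controllen = sizeof control };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(2 * sizeof(int)); memcpy(CMSG_DATA(c), pf, 2 * sizeof(int));
    int n = sendmsg(sp[0], &msg, 0) == 1 ? recv_fds(sp[1], &kept, 1, &dropped) : -1;
    int ok = n == 1 && dropped == 1 && fcntl(kept, F_GETFD) != -1;
    if (n == 1) close(kept);
    close(sp[0]); close(sp[1]); close(pf[0]); close(pf[1]);
    return ok;
}
```

`demo_two_fds_in_one_cmsg` returns 1 when the extra fd was closed rather than leaked; compare with the vulnerable check, which would have skipped the branch entirely and left both fds open.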

Package: Linux Kernel
Published: 2026-06-12
Last modified: 2026-06-15
CVSS version: 3.1
Patch available
Awaiting data

CVSS 3.1 score: 4.0 out of 10 (Medium)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: Low
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness type: CWE-200

CVE-2026-45536 is an Information Exposure vulnerability

What is Information Exposure?

The product exposes sensitive information to an actor not authorised to see it (MITRE CWE-200).

Frequently asked questions

  • What is CVE-2026-45536?

    CVE-2026-45536 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.0 out of 10, classified as an Information Exposure flaw (CWE-200). CVE-2026-45536 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2026-45536?

    CVE-2026-45536 has a CVSS score of 4.0 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

  • Is there a patch available for CVE-2026-45536?

    No patch is currently available for CVE-2026-45536. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

  • Is CVE-2026-45536 actively exploited?

    No — CVE-2026-45536 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.