CVE-2026-49361 – Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

CVE ID :CVE-2026-49361

Published : June 1, 2026, 9:16 a.m. | 1 hour, 16 minutes ago

Description :Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting in denial of service.

This issue affects Apache Fluss (incubating): 0.8.0 and 0.9.0.

Users are recommended to upgrade to version 0.9.1, which fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49328 – Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

CVE-2026-25600 – Credential Exposure Vulnerability in Trac PDBM

CVE-2026-25599 – Missing authentication and clear‑text data transmission affecting Orca heat pumps

CVE-2026-10250 – itsourcecode Online Blood Bank Management System campsdetails.php sql injection