CVE-2026-45673: Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Netty’s DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack).
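To check whether a client is exposed to the static-source-port half of this issue, the sketch below audits (source port, transaction ID) pairs taken from a capture of that client's outbound DNS queries. It is an added example, not code from Netty or from the advisory; the function names and both sample lists are constructed for illustration.

```python
import math
from collections import Counter

TXID_BITS = 16  # width of the DNS header ID field (RFC 1035)

# Constructed samples: (udp_source_port, dns_transaction_id) per outbound query.
STATIC_PORT_SAMPLE = [(40000, t) for t in
                      (0x1A2B, 0x77F0, 0x0C31, 0xE5D2, 0x4410, 0x9B6E, 0x2F07, 0xD3A9)]
RANDOM_PORT_SAMPLE = [(50211, 0x1A2B), (33874, 0x77F0), (61002, 0x0C31), (45190, 0xE5D2),
                      (38657, 0x4410), (57423, 0x9B6E), (41988, 0x2F07), (64530, 0xD3A9)]


def shannon_bits(values):
    """Empirical Shannon entropy, in bits, of the observed values."""
    counts = Counter(values)
    total = len(values)
    return sum(c / total * math.log2(total / c) for c in counts.values())


def audit_queries(queries):
    """Summarise source-port and transaction-ID variation for one client."""
    ports = [port for port, _ in queries]
    txids = [txid for _, txid in queries]
    distinct_ports = len(set(ports))
    return {
        "queries": len(queries),
        "distinct_ports": distinct_ports,
        "static_source_port": distinct_ports == 1,
        "port_entropy_bits": round(shannon_bits(ports), 2),
        "repeated_txids": len(txids) - len(set(txids)),
        # Bits an off-path responder must match per query, as far as this sample
        # shows: the ID field plus the observed port variation. With a static
        # port this is exactly 16, and a predictable ID generator lowers it
        # further in a way a capture alone cannot measure.
        "observed_guess_bits": round(TXID_BITS + math.log2(distinct_ports), 2),
    }


if __name__ == "__main__":
    for name, sample in (("static", STATIC_PORT_SAMPLE), ("random", RANDOM_PORT_SAMPLE)):
        print(name, audit_queries(sample))
```

The port figures are bounded by the sample size, so a larger capture gives a more meaningful entropy value; a result of one distinct port is conclusive at any size.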