Is io.netty:netty-resolver-dns affected by CVE-2026-45674?

Maven io.netty:netty-resolver-dns is affected in >=4.2.0.Final <4.2.15.Final, <4.1.135.Final.

Is CVE-2026-45674 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records