A vulnerability classified as critical was found in netty netty-codec-http up to 4.1.133.Final/4.2.13.Final . Affected is an unknown function. Such manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2026-42580 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.