A vulnerability identified as problematic has been detected in Apache Fluss 0.8.0/0.9.0 . Affected by this issue is some unknown functionality of the component Netty Frame Decoder . This manipulation causes uncontrolled memory allocation. This vulnerability is handled as CVE-2026-49361 . The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.