Overview
This advisory addresses a known security vulnerability identified in a third-party dependency used within DPGW.
Vulnerability Details
- CVE ID: CVE-2026-33871, CVE-2026-33870
- Dependency Name: netty-transport-4.1.130
- Affected Version of Dependency: < 4.1.132, < 4.2.10
- Severity Score: CVSS-B 8.7 HIGH, 7.5 HIGH
Affected Versions of DPGW
- <= 1.13.17-REL
- <= 1.12.41-REL
- <= 1.11.46-REL
Risk Assessment & Applicability
Usage
DPGW utilizes netty transport as transitive dependency of library for accessing Azure Blob Storage and S3 storage.
Analysis
DPGW does not acts as a server for S3 / Azure object storages and uses the vunerable library only as a client. Nor denial of Service neither request smuggling attacks can affect functionality of DPGW.
Status
Unaffected
Impact on DPGW
No impact
Remediation & Mitigations
Fix
Update to: 1.12.42-REL or newer, 1.13.18-REL or newer
User Actions
No user action required.