Root has patched CVE-2026-50020 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available.
{ "distro": "maven", "severity": "MEDIUM", "source": "Root", "distro_version": "" }
"root.io.22"
2.0
true
[ "4.1.118.Final-root.io.23", "4.1.126.Final-root.io.22" ]
"4.1.126.Final"
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-50020.json"
""
"4.1.126.Final-aikido.22"
[ "4.1.118.Final-aikido.23", "4.1.126.Final-aikido.22" ]