Root has patched CVE-2026-50560 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available.
{ "source": "Root", "distro": "maven", "severity": "MEDIUM", "distro_version": "" }
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-50560.json"
"4.1.126.Final"
[ "4.1.118.Final-root.io.23", "4.1.126.Final-root.io.22" ]
true
2.0
"root.io.22"
"4.1.126.Final-aikido.22"
[ "4.1.118.Final-aikido.23", "4.1.126.Final-aikido.22" ]
""