Product
A high-severity denial of service vulnerability, identified as CVE-2026-44891, exists in the `StompSubframeDecoder` component of Netty's `netty-codec-stomp` library, allowing an unauthenticated attacker to exhaust server memory and cause an `OutOfMemoryError` by sending a STOMP message with an excessive number of headers, leading to application crashes.