diff --git a/build-tools-internal/version.properties b/build-tools-internal/version.properties
index 9d404cc4127b..1bd32ead87c7 100644
--- a/build-tools-internal/version.properties
+++ b/build-tools-internal/version.properties
@@ -14,7 +14,7 @@ log4j             = 2.19.0
 slf4j             = 2.0.6
 ecsLogging        = 1.2.0
 jna               = 5.12.1
-netty             = 4.1.115.Final
+netty             = 4.1.118.Final
 commons_lang3     = 3.9
 google_oauth_client = 1.34.1
 awsv1sdk            = 1.12.270
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 52d9ecc96e99..f13498e171cf 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -1404,114 +1404,74 @@
             <sha256 value="a3ebec96768ee4a2d3db44597e84cea2d0bdd68ca04822397980ea9f67075a86" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-buffer" version="4.1.115.Final">
-         <artifact name="netty-buffer-4.1.115.Final.jar">
-            <sha256 value="4a7b331d3770c566ab70eb02a0d1feed63b95cf6e4d68c8fe778c4c9de2d116d" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-buffer" version="4.1.118.Final">
+         <artifact name="netty-buffer-4.1.118.Final.jar">
+            <sha256 value="0eea4e8666a9636a28722661d8ba5fa8564477e75fec6dd2ff3e324e361f8b3c" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-buffer" version="4.1.42.Final">
-         <artifact name="netty-buffer-4.1.42.Final.jar">
-            <sha256 value="7b0171a4e8bcd573e08d9f2bba053c67b557ab5012106a5982ccbae5743814c0" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-codec" version="4.1.118.Final">
+         <artifact name="netty-codec-4.1.118.Final.jar">
+            <sha256 value="4abd215fd1ed7ce86509d169cc9cbede5042176c265a79b3b70602b017226c3f" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec" version="4.1.115.Final">
-         <artifact name="netty-codec-4.1.115.Final.jar">
-            <sha256 value="cd189afb70ec6eacfcdfdd3a5f472b4e705a5c91d5bd3ef0386421f2ae15ec77" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-codec-dns" version="4.1.118.Final">
+         <artifact name="netty-codec-dns-4.1.118.Final.jar">
+            <sha256 value="e115e42ca1e3cc8d85e3a632d8faa102d18c0ebc1fa4511af30bec79f8c147d4" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec" version="4.1.42.Final">
-         <artifact name="netty-codec-4.1.42.Final.jar">
-            <sha256 value="e96ced697fb7df589da7c20c995e01f75a9cb246be242bbc4cd3b4af424ff189" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-codec-http" version="4.1.118.Final">
+         <artifact name="netty-codec-http-4.1.118.Final.jar">
+            <sha256 value="09822d785e9a794838031ddd5346cf419b30c036a981c2e277a062bea884174b" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec-dns" version="4.1.115.Final">
-         <artifact name="netty-codec-dns-4.1.115.Final.jar">
-            <sha256 value="23dd6806bcc326855f13e69838c6411d0490e6b1aeb12e217a19a3dd6ad3f10d" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-codec-http2" version="4.1.118.Final">
+         <artifact name="netty-codec-http2-4.1.118.Final.jar">
+            <sha256 value="68da0b1a34dceb00a6f9f6f788fb2f6b7b9e4adba8c70658ac2bd7eb898b97ae" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec-http" version="4.1.115.Final">
-         <artifact name="netty-codec-http-4.1.115.Final.jar">
-            <sha256 value="e6dbe971c59373bbae9802021c63b9bc1d8800fead382863d67e79e79b023166" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-codec-socks" version="4.1.118.Final">
+         <artifact name="netty-codec-socks-4.1.118.Final.jar">
+            <sha256 value="094465e3cfb3aef0fca38ed82b801f53a6c8be7ae1f83ab0c1b2e8ece2586840" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec-http2" version="4.1.115.Final">
-         <artifact name="netty-codec-http2-4.1.115.Final.jar">
-            <sha256 value="cbed9829a5d582e91e314e209edce9a0c2eb369f23bb4fb74a5bc8b7990222c2" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-common" version="4.1.118.Final">
+         <artifact name="netty-common-4.1.118.Final.jar">
+            <sha256 value="65cce901ecf0f9d6591cc7750772614ab401a84415dc9aec9da4d046f0f9a77c" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-codec-socks" version="4.1.115.Final">
-         <artifact name="netty-codec-socks-4.1.115.Final.jar">
-            <sha256 value="e9b1cc744dc6195894450b1fd4d271a821ab167fe21ae3c459b27cdadc70e81f" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-handler" version="4.1.118.Final">
+         <artifact name="netty-handler-4.1.118.Final.jar">
+            <sha256 value="26e3f8a5e859fd62cf3c13dc6d75e4e18879f000a5d0ad7f58f8679675d23dae" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-common" version="4.1.115.Final">
-         <artifact name="netty-common-4.1.115.Final.jar">
-            <sha256 value="39f1b5a2aaa4eab5d036dfd0486e35a4276df412e092d36b2d88b494705a134d" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-handler-proxy" version="4.1.118.Final">
+         <artifact name="netty-handler-proxy-4.1.118.Final.jar">
+            <sha256 value="fef926126f44c668968dd3e2389c2552981d452e6dfc23b1f9bd03db92c21f96" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-common" version="4.1.42.Final">
-         <artifact name="netty-common-4.1.42.Final.jar">
-            <sha256 value="3d0a918d78292eeca02a7bb2188daa4e5053b6e29b71e6308309033e121242b5" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-resolver" version="4.1.118.Final">
+         <artifact name="netty-resolver-4.1.118.Final.jar">
+            <sha256 value="3170c225972c18b6850d28add60db15bb28d83c4e3d5b686ca220e0bd7273c8a" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-handler" version="4.1.115.Final">
-         <artifact name="netty-handler-4.1.115.Final.jar">
-            <sha256 value="5972028cc863b74927ce0d11fb8d58f65da2560bef5602fe8ce8903bd306ca07" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-resolver-dns" version="4.1.118.Final">
+         <artifact name="netty-resolver-dns-4.1.118.Final.jar">
+            <sha256 value="c0e0fdaffaba849e3145b2b96288fc8fc6f3b2a623cf72aaba708288348e4938" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-handler" version="4.1.42.Final">
-         <artifact name="netty-handler-4.1.42.Final.jar">
-            <sha256 value="11eda86500c33b9d386719b5419f513fd9c097d13894f25dd0c75b610d636e03" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-transport" version="4.1.118.Final">
+         <artifact name="netty-transport-4.1.118.Final.jar">
+            <sha256 value="ab3751e717daef9c8d91e4d74728a48730bd8530b72e2466b222b2ea3fb07db9" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-handler-proxy" version="4.1.115.Final">
-         <artifact name="netty-handler-proxy-4.1.115.Final.jar">
-            <sha256 value="807e67cfb17136927d11db42df62031169d1fa0883e13f254906994c84ffbe87" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-transport-classes-epoll" version="4.1.118.Final">
+         <artifact name="netty-transport-classes-epoll-4.1.118.Final.jar">
+            <sha256 value="bd86e6d41e1f6053f9577931655236259778ab045646e1e6ab04150f070864f3" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="io.netty" name="netty-resolver" version="4.1.115.Final">
-         <artifact name="netty-resolver-4.1.115.Final.jar">
-            <sha256 value="7b3455d14f59828765a00573bc3967dc59379e874bd62a67eb1926d6512109d1" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-resolver" version="4.1.42.Final">
-         <artifact name="netty-resolver-4.1.42.Final.jar">
-            <sha256 value="89768242b6b7cce9bd9f5945ad21d1b4bae515c6b1bf03a8af5d1899779cebc9" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-resolver-dns" version="4.1.115.Final">
-         <artifact name="netty-resolver-dns-4.1.115.Final.jar">
-            <sha256 value="4aca31593e5896c64ab7e041bbc6c0d851bd9634ec3a4354208141a35576619f" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport" version="4.1.115.Final">
-         <artifact name="netty-transport-4.1.115.Final.jar">
-            <sha256 value="c3d71faaa736ffd2c9260ab0b498024b814c39c7d764bea8113fa98de6e2bdd2" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport" version="4.1.42.Final">
-         <artifact name="netty-transport-4.1.42.Final.jar">
-            <sha256 value="dfa817a156ea263aa9ad8364a2e226527665c9722aca40a7945f228c2c14f1da" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport-classes-epoll" version="4.1.115.Final">
-         <artifact name="netty-transport-classes-epoll-4.1.115.Final.jar">
-            <sha256 value="40aa67b4463cca0ab346e393c87f6c37e8954d18ec8b78567d95b55aa1f2b3aa" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport-native-epoll" version="4.1.42.Final">
-         <artifact name="netty-transport-native-epoll-4.1.42.Final.jar">
-            <sha256 value="3c7d659b3bd773e0ea9b7517d2d6baffa275a3d2ae8eb4c10cb8f0a7724b11d5" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport-native-unix-common" version="4.1.115.Final">
-         <artifact name="netty-transport-native-unix-common-4.1.115.Final.jar">
-            <sha256 value="4b03e716272657c296b0204b57c140b2b2ca96b1a746c92da41f595892ec6d88" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
-      <component group="io.netty" name="netty-transport-native-unix-common" version="4.1.42.Final">
-         <artifact name="netty-transport-native-unix-common-4.1.42.Final.jar">
-            <sha256 value="508fba9128da78bd775ba854d71917ceb2b00b95a7600254f54a277a06761a86" origin="Generated by Gradle"/>
+      <component group="io.netty" name="netty-transport-native-unix-common" version="4.1.118.Final">
+         <artifact name="netty-transport-native-unix-common-4.1.118.Final.jar">
+            <sha256 value="69b16793d7b41ea76a762bd2bd144fc4f7c39c156a7a59ebf69baeb560fb10b7" origin="Generated by Gradle"/>
          </artifact>
       </component>
       <component group="io.opencensus" name="opencensus-api" version="0.30.0">
diff --git a/modules/repository-azure/src/main/plugin-metadata/plugin-security.policy b/modules/repository-azure/src/main/plugin-metadata/plugin-security.policy
index 8a7c62359737..3aeeb6bde391 100644
--- a/modules/repository-azure/src/main/plugin-metadata/plugin-security.policy
+++ b/modules/repository-azure/src/main/plugin-metadata/plugin-security.policy
@@ -12,6 +12,8 @@ grant {
   permission java.net.SocketPermission "*", "connect";
   // io.netty.util.concurrent.GlobalEventExecutor.startThread
   permission java.lang.RuntimePermission "setContextClassLoader";
+  // io.netty.util.concurrent.GlobalEventExecutor.startThread
+  permission java.lang.RuntimePermission "getClassLoader";
   // Used by jackson bean deserialization
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
diff --git a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
index ed278af96d92..dbf8e728c160 100644
--- a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
+++ b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy
@@ -14,8 +14,9 @@ grant codeBase "${codebase.netty-common}" {
    // netty makes and accepts socket connections
    permission java.net.SocketPermission "*", "accept,connect";
 
-   // Netty sets custom classloader for some of its internal threads
+   // Netty gets and sets classloaders for some of its internal threads
    permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
 };
 
 grant codeBase "${codebase.netty-transport}" {
diff --git a/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy b/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy
index ada61c118ec3..0e206a2005e7 100644
--- a/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy
+++ b/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy
@@ -120,8 +120,9 @@ grant codeBase "${codebase.httpasyncclient}" {
 grant codeBase "${codebase.netty-common}" {
    // for reading the system-wide configuration for the backlog of established sockets
    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
-   // Netty sets custom classloader for some of its internal threads
+   // Netty gets and sets classloaders for some of its internal threads
    permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
    permission java.net.SocketPermission "*", "accept,connect";
 };
 
diff --git a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
index d814dfbb1c11..b4791207a15b 100644
--- a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
+++ b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy
@@ -46,8 +46,9 @@ grant {
 grant codeBase "${codebase.netty-common}" {
    // for reading the system-wide configuration for the backlog of established sockets
    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
-   // Netty sets custom classloader for some of its internal threads
+   // Netty gets and sets classloaders for some of its internal threads
    permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "getClassLoader";
 };
 
 grant codeBase "${codebase.netty-transport}" {