CVE-2026-2291
Heap Buffer Overflow in dnsmasq DNS Cache
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thekelleys | dnsmasq | 2.92rel2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2291 is a vulnerability in dnsmasq, an open-source networking tool used for DNS forwarding, DHCP, and network boot services.
The flaw exists in the extract_name() function, where a heap buffer overflow can occur.
An attacker can exploit this overflow to inject false DNS cache entries.
This can cause DNS lookups to be redirected to attacker-controlled IP addresses or cause a Denial of Service (DoS) by crashing the dnsmasq process.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in dnsmasq allows attackers to inject false DNS cache entries, potentially redirecting DNS lookups to malicious IP addresses or causing denial of service. Such manipulation of DNS responses can lead to unauthorized data interception or disruption of services.
This could impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data and mandate maintaining the integrity and availability of network services. DNS cache poisoning could facilitate data breaches or service outages, thereby violating these regulations.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to redirect your DNS queries to malicious IP addresses, potentially leading to phishing, malware infection, or data interception.
Additionally, it can cause a Denial of Service (DoS) by crashing the dnsmasq service, disrupting network services that rely on it.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a heap buffer overflow in the extract_name() function of dnsmasq, which can cause DNS cache poisoning or denial of service. Detection can focus on identifying if the vulnerable version of dnsmasq is running on your system.
You can check the dnsmasq version installed on your system using commands like:
- dnsmasq --version
- apt list --installed | grep dnsmasq (on Debian/Ubuntu)
- rpm -qa | grep dnsmasq (on RedHat/CentOS)
Additionally, monitoring DNS responses for suspicious or unexpected IP addresses, or unusual dnsmasq crashes or restarts, may indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update dnsmasq to a fixed version that addresses this vulnerability.
- Upgrade dnsmasq to version 2.92rel2 or later, as this version includes patches for CVE-2026-2291 and related vulnerabilities.
- If immediate upgrade is not possible, consider temporarily disabling dnsmasq or restricting access to the dnsmasq service to trusted hosts only.
- Monitor dnsmasq logs for unusual activity or crashes that may indicate exploitation attempts.