CVE-2026-2291
Received Received - Intake
Heap Buffer Overflow in dnsmasq DNS Cache

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: CERT/CC

Description
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-2291
EUVD
EUVD-2026-29091
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
thekelleys dnsmasq 2.92rel2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2291 is a vulnerability in dnsmasq, an open-source networking tool used for DNS forwarding, DHCP, and network boot services.

The flaw exists in the extract_name() function, where a heap buffer overflow can occur.

An attacker can exploit this overflow to inject false DNS cache entries.

This can cause DNS lookups to be redirected to attacker-controlled IP addresses or cause a Denial of Service (DoS) by crashing the dnsmasq process.

Impact Analysis

This vulnerability can impact you by allowing attackers to redirect your DNS queries to malicious IP addresses, potentially leading to phishing, malware infection, or data interception.

Additionally, it can cause a Denial of Service (DoS) by crashing the dnsmasq service, disrupting network services that rely on it.

Detection Guidance

This vulnerability involves a heap buffer overflow in the extract_name() function of dnsmasq, which can cause DNS cache poisoning or denial of service. Detection can focus on identifying if the vulnerable version of dnsmasq is running on your system.

You can check the dnsmasq version installed on your system using commands like:

  • dnsmasq --version
  • apt list --installed | grep dnsmasq (on Debian/Ubuntu)
  • rpm -qa | grep dnsmasq (on RedHat/CentOS)

Additionally, monitoring DNS responses for suspicious or unexpected IP addresses, or unusual dnsmasq crashes or restarts, may indicate exploitation attempts.

Mitigation Strategies

The primary mitigation step is to update dnsmasq to a fixed version that addresses this vulnerability.

  • Upgrade dnsmasq to version 2.92rel2 or later, as this version includes patches for CVE-2026-2291 and related vulnerabilities.
  • If immediate upgrade is not possible, consider temporarily disabling dnsmasq or restricting access to the dnsmasq service to trusted hosts only.
  • Monitor dnsmasq logs for unusual activity or crashes that may indicate exploitation attempts.
Compliance Impact

The vulnerability in dnsmasq allows attackers to inject false DNS cache entries, potentially redirecting DNS lookups to malicious IP addresses or causing denial of service. Such manipulation of DNS responses can lead to unauthorized data interception or disruption of services.

This could impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data and mandate maintaining the integrity and availability of network services. DNS cache poisoning could facilitate data breaches or service outages, thereby violating these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart