CVE-2026-4891
Heap-based Out-of-Bounds Read in Dnsmasq DNSSEC Validation
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_dnsmasq_project | dnsmasq | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based out-of-bounds read in the DNSSEC validation component of dnsmasq. It allows remote attackers to send specially crafted DNS packets that cause the software to read memory outside the intended bounds, potentially leading to a denial of service.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that an attacker can cause a denial of service (DoS) on systems running dnsmasq by sending malicious DNS packets. This can disrupt DNS resolution services, potentially affecting network availability and connectivity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-4891 in dnsmasq, you should update dnsmasq to version 2.92rel2 or later, as this version addresses this and related vulnerabilities.
Applying the vendor-provided patches or updates promptly is recommended to prevent exploitation that could lead to denial of service or other attacks.