CVE-2026-4893
Information Disclosure in Dnsmasq via RFC 7871 Bypass
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_dnsmasq_project | dnsmasq | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue in dnsmasq. It allows remote attackers to bypass source checks by sending a specially crafted DNS packet that includes RFC 7871 client subnet information.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized information disclosure because attackers can bypass source checks. This may allow them to gain access to information that should be restricted, potentially compromising network security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided context and resources do not contain information regarding the impact of CVE-2026-4893 on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the information disclosure vulnerability in dnsmasq (CVE-2026-4893), you should update dnsmasq to the patched version 2.92rel2 or later, which includes fixes for this and related vulnerabilities.
The patched version 2.92rel2 is available on the official dnsmasq website and has been incorporated into various package repositories, including NixOS.
Testing the updated version in your environment before full deployment is recommended to ensure stability.