CVE-2026-4893
Received
Received - Intake
Information Disclosure in Dnsmasq via RFC 7871 Bypass
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: CERT/CC
Description
Description
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_dnsmasq_project | dnsmasq | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue in dnsmasq. It allows remote attackers to bypass source checks by sending a specially crafted DNS packet that includes RFC 7871 client subnet information.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized information disclosure because attackers can bypass source checks. This may allow them to gain access to information that should be restricted, potentially compromising network security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70