CVE-2026-10846
Status: Received - Intake
DNS Cache Poisoning Vulnerability in NLnet Labs ldns

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: NLnet Labs

Description
NLnet Labs ldns 1.2.0 up to and including version 1.9.0, when used by applications as a (stub) resolver over UDP, does not match the query's destination address and port against the response's source address and port. Furthermore, neither the query ID nor the question section of the query is matched against that of the response. This makes applications that use ldns for (stub) resolver functionality over UDP vulnerable to off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.
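The checks the description says are missing, shown as an added defensive illustration (this is not ldns code and not the upstream patch): a minimal stub-resolver response filter that accepts a UDP reply only if its source address and port equal the destination the query was sent to, its 16-bit ID equals the query's ID, and its question section equals the question that was sent. The wire-format helpers, the 192.0.2.53 server address and the example names are all constructed for this example.

```python
"""Response validation a UDP stub resolver should perform before accepting a reply.

Added example, not ldns code. It implements the four checks the advisory says
ldns 1.2.0 to 1.9.0 omitted: source address, source port, query ID, question.
All DNS messages here are built with the constructed helpers below.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Question:
    name: str
    qtype: int
    qclass: int = 1  # IN


@dataclass(frozen=True)
class PendingQuery:
    """What the resolver must remember about an outstanding UDP query."""
    dest_addr: str
    dest_port: int
    qid: int
    question: Question


def normalize(name: str) -> str:
    # DNS names compare case-insensitively (RFC 1035); canonicalise trailing dot.
    return name.rstrip(".").lower() + "."


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_message(qid: int, q: Question, response: bool = False) -> bytes:
    """Header plus one question; flags 0x8180 (QR,RD,RA) for a reply, 0x0100 (RD) for a query."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(q.name) + struct.pack("!HH", q.qtype, q.qclass)


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", off


def parse_response(msg: bytes) -> tuple[int, Question]:
    """Return (ID, question) of a reply; raise ValueError on anything malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qdcount, *_ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = decode_name(msg, 12)
    if len(msg) < off + 4:
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return qid, Question(name, qtype, qclass)


def response_matches(pending: PendingQuery, src_addr: str, src_port: int,
                     msg: bytes) -> tuple[bool, str]:
    # Checks 1 and 2: the reply must come from the address:port the query went to.
    if (src_addr, src_port) != (pending.dest_addr, pending.dest_port):
        return False, "source address/port mismatch"
    try:
        qid, question = parse_response(msg)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    # Check 3: the 16-bit transaction ID must echo the one we chose.
    if qid != pending.qid:
        return False, "query ID mismatch"
    # Check 4: the echoed question must be the one we asked.
    sent = pending.question
    if (normalize(question.name), question.qtype, question.qclass) != \
            (normalize(sent.name), sent.qtype, sent.qclass):
        return False, "question mismatch"
    return True, "ok"


# Constructed outstanding query: A record for example.com sent to 192.0.2.53:53.
PENDING = PendingQuery("192.0.2.53", 53, 0x1A2B, Question("example.com.", 1))

if __name__ == "__main__":
    good = build_message(0x1A2B, Question("EXAMPLE.com.", 1), response=True)
    print(response_matches(PENDING, "192.0.2.53", 53, good))      # (True, 'ok')
    print(response_matches(PENDING, "192.0.2.53", 5353, good))    # wrong source port
    bad_id = build_message(0x1A2C, Question("example.com.", 1), response=True)
    print(response_matches(PENDING, "192.0.2.53", 53, bad_id))    # wrong ID
```

A reply that fails any check is simply dropped and the resolver keeps waiting for the genuine one; the ID and question checks only help if the source port and ID were chosen unpredictably in the first place, which is why randomising both is the usual complement to this filter.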
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-10
AI Q&A: 2026-06-10
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: nlnet_labs
Product: ldns
Version / Range: up to 1.9.0 (inclusive)
CWE
CWE-346: The product does not properly verify that the source of data or communication is valid.
Executive Summary

The vulnerability affects NLnet Labs ldns versions 1.2.0 up to and including 1.9.0 when used as a (stub) resolver over UDP. It occurs because the software does not properly match the query destination address and port with the response source address and port. Additionally, it does not verify the query ID or the question in the query against the response. This flaw allows attackers to perform off-path poisoning attacks, where they can inject malicious responses into the DNS resolver process.

The drill tool, which is included with ldns, is also affected by this vulnerability.

Impact Analysis

This vulnerability can allow attackers to perform off-path DNS poisoning attacks. This means an attacker who is not directly in the communication path can inject forged DNS responses, potentially redirecting users to malicious websites or services without their knowledge.

Such attacks can lead to compromised security, data interception, or redirection to fraudulent sites, impacting the integrity and trustworthiness of DNS resolution in affected applications.

Mitigation Strategies

To mitigate the vulnerability in ldns versions 1.2.0 through 1.9.0, you should upgrade to ldns version 1.9.1, which includes a patch addressing this issue.

Alternatively, if upgrading is not immediately possible, you can manually apply the provided patch to your current ldns version up to 1.9.0.
