CVE-2026-40012
MediumCVSS 5.3Summary
The vulnerability affects the ECS (EDNS Client Subnet) mechanism in DNS servers. Zero-scoped ECS responses are stored in the packet cache even though they should not be cached. The issue occurs only in configurations with ECS enabled.
Risk Assessment
Improper caching of DNS responses may lead to violation of client data isolation and potential leakage of network location information. An attacker could exploit this vulnerability to gain access to DNS responses intended for other users.
Recommendation
It is recommended to disable ECS in the DNS server configuration or apply patches from the software vendor. Also, regularly clear the packet cache after updates.
Original NVD description (English source)
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

