CVE Catalog

CVE-2026-40012

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

The vulnerability affects the ECS (EDNS Client Subnet) mechanism in DNS servers. Zero-scoped ECS responses are stored in the packet cache even though they should not be cached. The issue occurs only in configurations with ECS enabled.

Risk Assessment

Improper caching of DNS responses may lead to violation of client data isolation and potential leakage of network location information. An attacker could exploit this vulnerability to gain access to DNS responses intended for other users.

Recommendation

It is recommended to disable ECS in the DNS server configuration or apply patches from the software vendor. Also, regularly clear the packet cache after updates.

Original NVD description (English source)

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

Vulnerability data from NVD (NIST) · CISA KEV · EPSS