CVE Catalog

CVE-2026-4891

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
5.73%

92th percentile - higher than 92% of all known CVEs

Summary

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Risk Assessment

An attacker can remotely crash the DNS service, leading to unavailability of name resolution for the entire organization.

Recommendation

Immediately update dnsmasq to the latest patched version and consider temporarily disabling DNSSEC validation if not required.

Original NVD description (English source)

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS