Critical Dnsmasq Vulnerability Exposes Ubuntu Systems to Remote Attacks
Severity: High (Score: 72.0)
Sources: Linuxsecurity, Ubuntu, launchpad.net
Published: · Updated:
Keywords: dnsmasq, ubuntu, made, crash, programs, received, specially
Severity indicators: critical, service disruption
Summary
A critical vulnerability in Dnsmasq affects Ubuntu 26.04 LTS and its derivatives, allowing remote attackers to crash the service or execute arbitrary code. The flaw arises from improper handling of BOOTREPLY packets when the --dhcp-split-relay option is enabled. This vulnerability can lead to denial of service and potential remote code execution. Users are advised to update their systems to the patched version dnsmasq 2.92-1ubuntu0.3. A standard system update will apply the necessary changes. The issue was disclosed on May 26, 2026, and impacts all systems running the affected versions of Dnsmasq. Ubuntu Pro offers extended security coverage for users managing multiple systems. Key Points: • Dnsmasq vulnerability allows remote code execution and denial of service. • Affected systems include Ubuntu 26.04 LTS and its derivatives. • Users should update to dnsmasq version 2.92-1ubuntu0.3 to mitigate the risk.
Detailed Analysis
**Impact** Ubuntu 26.04 LTS systems and its derivatives running Dnsmasq with the --dhcp-split-relay option are affected. The vulnerability allows remote attackers to cause denial of service or execute arbitrary code, potentially disrupting network services reliant on Dnsmasq. The scope includes all Ubuntu users with affected configurations, with no specific sectors or geographies detailed. No data breach or exfiltration has been reported. **Technical Details** The vulnerability arises from improper handling of BOOTREPLY packets by Dnsmasq when the --dhcp-split-relay option is enabled. Attackers can send specially crafted network traffic to trigger crashes or remote code execution. No CVE identifier was provided in the articles. The attack vector is remote network-based exploitation targeting the DHCP relay functionality. No malware, tools, or IOCs were mentioned. **Recommended Response** Apply the updated Dnsmasq package versions immediately—Ubuntu 26.04 LTS users should update to dnsmasq 2.92-1ubuntu0.3 as per USN-8308-1. Ensure standard system updates are performed to incorporate the patch. Monitor network traffic for unusual BOOTREPLY packets if possible. Harden DHCP relay configurations and restrict exposure of affected services until patches are applied.
Source articles (4)
- USN-8308-1: Dnsmasq vulnerability — Ubuntu · 2026-05-26
Dnsmasq could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp-sp… - Ubuntu 26.04 LTS Dnsmasq Critical Service Disruption Vulnern 2026 — Linuxsecurity · 2026-05-26
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Dnsmasq could be made to crash or run programs if it received specially crafted network traffic. Soft… - Dnsmasq — launchpad.net · 2026-05-26
dnsmasq: Small caching DNS proxy and DHCP/TFTP server - system daemon dnsmasq-base: Small caching DNS proxy and DHCP/TFTP server - executable dnsmasq- base-dbgsym: debug symbols for dnsmasq-base dnsma… - 2.92-1ubuntu0.3 — launchpad.net · 2026-05-26
Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP, to a small network. It can serve the names of local machines which are n…
Timeline
- 2026-05-26 — Dnsmasq vulnerability disclosed: A critical vulnerability affecting Dnsmasq was announced, allowing remote attacks through specially crafted packets.
- 2026-05-26 — Ubuntu 26.04 LTS affected: The vulnerability specifically impacts Ubuntu 26.04 LTS and its derivatives, necessitating urgent updates.
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- T1190 - Exploit Public-Facing Application (Mitre Attack)
- DNSmasq (Tool)
- Ubuntu (Company)