Critical DoS Vulnerability in Fedora NTP Service Addressed

Critical DoS Vulnerability in Fedora NTP Service Addressed

First seen 31 Mar 2026, 07:29 UTC Linuxsecurity 93% similarity 70.5

Article Content

Browse articles
ThreatCluster

A critical Denial of Service (DoS) vulnerability, CVE-2026-26076, affecting the ntpd-rs service in Fedora 42 and 43 has been identified and patched. This vulnerability allows attackers to exploit malformed NTS packets to request excessive cookies, potentially leading to service disruptions. The vulnerability was published on February 12, 2026, and affects users of Fedora 42 and 43 who utilize the NTP service. The update to version 1.7.1 includes the necessary fixes and is available for installation via the 'dnf' package manager. Users are advised to upgrade their systems to mitigate potential attacks. The vulnerability's exploitation could impact a wide range of systems relying on accurate timekeeping. The patch was released on March 22, 2026, and is critical for maintaining service integrity.

Key Points: • CVE-2026-26076 allows DoS via malformed NTS packets in ntpd-rs. • Affected systems include Fedora 42 and 43 with NTP service. • Users should update to version 1.7.1 to mitigate the vulnerability.

ThreatCluster AI

Timeline

2026-02-12
CVE-2026-26076 published
2026-03-22
Patch released for Fedora 42 and 43
2026-03-31
Articles published about the vulnerability and patch

Community

Browse all →