Critical Vulnerabilities in dnsmasq Expose Systems to DoS and Code Execution Risks

Critical Vulnerabilities in dnsmasq Expose Systems to DoS and Code Execution Risks

First seen 13 May 2026, 20:44 UTC Kb.CertHeise.Degithub.comnvd.nist.govLinuxsecurity+4 85% similarity 74.0

Article Content

Browse articles
ThreatCluster

Multiple vulnerabilities have been identified in dnsmasq, an open-source DNS and DHCP server, affecting various Linux distributions, including Ubuntu. The vulnerabilities, tracked as CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, and CVE-2026-5172, allow attackers to exploit memory safety issues, leading to potential Denial of Service (DoS) and local privilege escalation. Specifically, CVE-2026-2291 allows for DNS cache poisoning, while CVE-2026-4890 can cause infinite loops, resulting in service outages. The vulnerabilities were published on May 11, 2026, and patches have been released for affected systems. Users are urged to update their dnsmasq installations to mitigate these risks. The vulnerabilities primarily affect Ubuntu versions 16.04 LTS through 26.04 LTS.

Key Points: • dnsmasq has multiple critical vulnerabilities allowing DoS and code execution. • Affected systems include various versions of Ubuntu from 16.04 to 26.04 LTS. • Patches are available; users must update to secure their systems.

ThreatCluster AI

Timeline

2026-05-11
CVE-2026-2291 published
Heap buffer overflow vulnerability allows DNS cache poisoning, affecting dnsmasq.
Kb.Cert
2026-05-11
CVE-2026-4890 published
Infinite-loop flaw in DNSSEC validation can cause DoS conditions in dnsmasq.
Kb.Cert
2026-05-11
CVE-2026-4891 published
Heap-based out-of-bounds read vulnerability allows memory information leakage.
Kb.Cert
2026-05-11
CVE-2026-4892 published
Local privilege escalation vulnerability allows arbitrary code execution via DHCPv6.
Kb.Cert
2026-05-11
CVE-2026-4893 published
Information disclosure vulnerability allows bypassing source checks in dnsmasq.
Kb.Cert
2026-05-11
CVE-2026-5172 published
Buffer overflow vulnerability can crash dnsmasq by exploiting malformed DNS responses.
Kb.Cert
2026-05-13
Ubuntu security advisory issued
Ubuntu released updates for dnsmasq to address critical vulnerabilities affecting multiple LTS versions.
Linuxsecurity

Community

Browse all →