Threat Advisory

Dnsmasq Vulnerabilities Expose DNS Cache Poisoning

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Critical Infrastructure
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in dnsmasq, an open-source networking tool that handles DNS forwarding, DHCP, and network boot services for millions of users. The vulnerabilities, collectively tracked across six CVEs (CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, and CVE-2026-5172), enable attackers to poison DNS caches, bypass security controls, and achieve local privilege escalation. The reported issues range from heap buffer overflows to infinite loops, each providing a different lever for an attacker to destabilize a network. The business risk and impact are significant, as a successful exploit can redefine the network's reality, redirect users to malicious domains, disclose internal memory and network information, and terminate DNS resolution and dependent services. This could have severe consequences for businesses and individuals, including financial loss, reputational damage, and compromised network security.

  • CVE-2026-2291 with a CVSS score of 9.8 – A flaw in the extract_name() function allows attackers to trigger a heap buffer overflow, enabling the injection of false DNS cache entries, causing DNS queries to be redirected to attacker-controlled IP addresses or resulting in a Denial of Service (DoS).
  • CVE-2026-4890 with a CVSS score of 9.8 – This vulnerability targets DNSSEC validation, allowing remote attackers to trigger an infinite loop, effectively knocking the dnsmasq service offline.
  • CVE-2026-4892 with a CVSS score of 9.9 – A flaw allows an attacker to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
  • CVE-2026-4891 with a CVSS score of 7.5 – A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to leak memory information via a crafted DNS packet.
  • CVE-2026-4893 with a CVSS score of 7.5 – An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet containing RFC 7871 client-subnet information.
  • CVE-2026-5172 with a CVSS score of 9.8 – A buffer overflow vulnerability in dnsmasq's extract_addresses() function allows attackers to trigger a heap out-of-bounds read and crash dnsmasq by exploiting a malformed DNS response.

The identified vulnerabilities pose significant risks to businesses and individuals, including redirection, information disclosure, and service termination. A successful exploit can redefine the network's reality, redirect users to malicious domains, disclose internal memory and network information, and terminate DNS resolution and dependent services. This could have severe consequences, including financial loss, reputational damage, and compromised network security.

RECOMMENDATION:

  • We recommend updating dnsmasq to version 2.92rel2.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/multiple-memory-flaws-in-dnsmasq-threaten-millions-of-connected-devices/
