Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues.

Taken together, the security flaws open the door to various attacks: poisoning cached DNS entries, slipping past security controls, crashing the dnsmasq process, and in certain scenarios, escalating privileges locally. To address all of this, the dnsmasq project has rolled out version 2.92rel2, which contains fixes for the reported vulnerabilities.
“I will shortly tag dnsmasq-2.93rc1 and the aim is to get a stable 2.93 release done ASAP. Testing of release candidate by members here is important and I’d like to encourage anyone who can to do that as soon as they can. With luck, 2.93 could be out in a week or so,” said Simon Kelley, primary author and maintainer of dnsmasq.
The vulnerabilities
CVE-2026-2291: dnsmasq’s extract_name() function can be abused to cause a heap buffer overflow, enabling an attacker to inject false DNS cache entries. This could cause DNS queries to be redirected to attacker-controlled IP addresses or result in a DoS.
CVE-2026-4890: An infinite-loop flaw in the DNSSEC validation of dnsmasq allows remote attackers to cause DoS conditions via a crafted DNS packet.
CVE-2026-4891: A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to leak memory information via a crafted DNS packet.
CVE-2026-4892: A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
CVE-2026-4893: An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet containing RFC 7871 client-subnet information.
CVE-2026-5172: A buffer overflow vulnerability in dnsmasq’s extract_addresses() function allows attackers to trigger a heap out-of-bounds read and crash dnsmasq by exploiting a malformed DNS response.
