CVE Vulnerabilities

CVE-2026-4893

Published: May 11, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatdnsmasq-0:2.90-7.el10_2*
Red Hat Enterprise Linux 8RedHatdnsmasq-0:2.79-36.el8_10*
Red Hat Enterprise Linux 9RedHatdnsmasq-0:2.85-18.el9_8.1*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatdnsmasq-0:2.85-17.el9_6.1*
DnsmasqUbuntudevel*
DnsmasqUbuntuesm-infra-legacy/trusty*
DnsmasqUbuntuesm-infra-legacy/xenial*
DnsmasqUbuntuesm-infra/bionic*
DnsmasqUbuntuesm-infra/focal*
DnsmasqUbuntuesm-infra/xenial*
DnsmasqUbuntujammy*
DnsmasqUbuntunoble*
DnsmasqUbuntuquesting*
DnsmasqUbunturesolute*

References