In the Dnsmasq package, a set of vulnerabilities has been identified that allow attackers to execute code with root privileges, redirect domains to other IP addresses, access process memory contents, and cause service crashes. These vulnerabilities have been resolved in dnsmasq 2.92rel2, with patches also available for download.
The status of these vulnerabilities in various distributions can be checked on specific pages where updates and fixes are noted for Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch, Fedora, OpenWRT, and FreeBSD.
Some of the identified issues include:
- CVE-2026-4892 – A buffer overflow in the DHCPv6 implementation of dnsmasq, allowing attackers with network access to execute code with root privileges. This overflow was caused by writing DHCPv6 CLID to the buffer without considering that the data in the packet is stored in hexadecimal notation, resulting in excessive bytes being written.
- CVE-2026-2291 – Another buffer overflow in the extract_name() function, enabling attackers to insert false DNS cache entries and redirect domains to different IP addresses. The overflow was due to buffer allocation neglecting some character escapes in the internal domain name representation.
- CVE-2026-4893 – Information leakage allowing bypassing of verification by sending modified DNS packets with client subnet details. This vulnerability can alter DNS response routes and redirect users to malicious domains. The flaw stemmed from passing OPT record length instead of packet length to the check_source() function.
- CVE-2026-4891 – Further details pending.
/Reports, release notes, official announcements.