Description
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
Published: 2026-05-11
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based out‑of‑bounds write in dnsmasq’s DHCPv6 code allows a malicious packet to overwrite adjacent heap memory, which can then be leveraged to execute arbitrary code with root privileges. The likely attack vector is the local network, where an attacker can craft and send a DHCPv6 packet to the vulnerable server; if the server processes this packet, the attacker can compromise the entire system, gaining full control over configuration, data, and services. Based on the description, it is inferred that the attacker must be able to transmit the packet on the network that reaches the dnsmasq instance.

Affected Systems

dnsmasq, an open‑source DNS and DHCP server commonly employed in routers, IoT devices, and embedded systems. No specific affected version numbers are listed in the advisory, so all installed copies of dnsmasq should be considered potentially vulnerable until patched.

Risk and Exploitability

The vulnerability requires local network proximity and the ability to send a specially crafted DHCPv6 packet. Based on the description, it is inferred that the attacker must be on the same network as the dnsmasq server to deliver the exploit. Although an EPSS score is not available and the issue is not listed in KEV, the potential to gain root privileges coupled with no runtime mitigations suggests a high‑impact risk. The CVSS score of 8.4 underscores this high severity. Administrators should assume that any untrusted host on the same network could attempt this exploit.

Generated by OpenCVE AI on May 11, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest dnsmasq release that contains the fix
  • Disable DHCPv6 on the server if DHCPv6 service is not required
  • Restrict DHCPv6 traffic to trusted sources using firewall rules or VLAN segmentation

Generated by OpenCVE AI on May 11, 2026 at 20:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6264-1 dnsmasq security update
History

Wed, 13 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 11 May 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Dnsmasq
Dnsmasq dnsmasq
Vendors & Products Dnsmasq
Dnsmasq dnsmasq

Mon, 11 May 2026 18:45:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
Title CVE-2026-4892
References

Subscriptions

Dnsmasq Dnsmasq
cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-05-11T19:58:06.568Z

Reserved: 2026-03-26T13:09:48.958Z

Link: CVE-2026-4892

cve-icon Vulnrichment

Updated: 2026-05-11T18:25:52.978Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-11T18:16:41.483

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-4892

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-09T00:00:00Z

Links: CVE-2026-4892 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T20:45:26Z

Weaknesses