CVE-2026-4893
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
dnsmasq · dnsmasqpublic PoCs found — 1
githubgithub.com/lottiedeyan/CVE20264893poc★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/NixOS/nixpkgs/pull/519082https://github.com/NixOS/nixpkgs/pull/519093https://github.com/pi-hole/FTL/releases/tag/v6.6.2https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.htmlhttps://thekelleys.org.uk/dnsmasq/CVE/https://www.kb.cert.org/vuls/id/471747