← back
CVE-2026-5172

CVE-2026-5172

CVSS 7.3 HIGHEPSS 0.9%CWE-125
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7.3EPSS 0.9%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
11 May 2026Published on NVD
27 May 2026Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
dnsmasq · dnsmasq
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →