ALPINE-CVE-2026-4891

ALPINE-CVE-2026-4891 PUBLISHED CVSS 5.300000190734863 MEDIUM

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.22	dnsmasq	2.91-r0, 0, 2.86-r0
Alpine:v3.23	dnsmasq	0, 2.86-r0, 2.86-r1

Timeline

May 11, 2026 CVE Published
May 14, 2026 CVE Updated
May 15, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2026-4891 advisory

Open in Interactive Console →