VDB
DEBIAN-CVE-2026-4892
DEBIAN-CVE-2026-4892
PUBLISHED
CVSS 8.399999618530273 HIGH
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
Risk Scores
CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | dnsmasq | 2.89-1, 2.90-1, 2.90-3 |
| Debian:13 | dnsmasq | 0, 2.91-1 |
| Debian:14 | dnsmasq | 2.92-4, 2.92-5, 2.92 |
| Debian:11 | dnsmasq | 2.91-1, 2.91, 2.91 |
Timeline
- May 11, 2026 CVE Published
- May 12, 2026 CVE Updated