{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4893", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-03-26T13:12:03.722Z", "datePublished": "2026-05-11T16:48:15.106Z", "dateUpdated": "2026-05-11T19:57:48.774Z"}, "containers": {"cna": {"title": "CVE-2026-4893", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "dnsmasq", "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.92rel2"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-287: Improper Authentication"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/471747"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}], "x_generator": {"engine": "VINCE 3.0.39", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4893"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-05-11T19:57:48.774Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-11T18:28:57.486938Z", "id": "CVE-2026-4893", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-11T18:29:00.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-11T18:28:57.486938Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-11T18:28:48.460Z"}}], "cna": {"title": "CVE-2026-4893", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "dnsmasq", "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.92rel2"}]}], "references": [{"url": "https://www.kb.cert.org/vuls/id/471747"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519082"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.39", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4893"}, "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-05-11T18:28:52.384Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4893", "state": "PUBLISHED", "dateUpdated": "2026-05-11T18:29:00.767Z", "dateReserved": "2026-03-26T13:12:03.722Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-05-11T16:48:15.106Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information."}], "id": "CVE-2026-4893", "lastModified": "2026-05-12T14:15:46.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-05-11T18:16:41.593", "references": [{"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"source": "cret@cert.org", "url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}, {"source": "cret@cert.org", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"source": "cret@cert.org", "url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/471747"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "dnsmasq: Broken ECS source validation bypass", "id": "2458519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458519"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["A validation bypass was discovered in dnsmasq's RFC 7871 client subnet (ECS) handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely bypassing ECS source validation and allowing an attacker to spoof client subnet information."], "name": "CVE-2026-4893", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4893\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4893"], "statement": "Red Hat rates this as Moderate. This issue affects deployments with the `--add-subnet` option enabled. The impact is limited to bypassing ECS source validation, which could allow cache manipulation scoped to specific subnets or minor information disclosure about network topology.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.93"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dnsmasq", "source": "cna", "vendor": "dnsmasq"}, "product": "dnsmasq", "vendor": "dnsmasq"}], "created": "2026-05-11T18:45:25.408156+00:00", "title": "Information Disclosure via RFC 7871 Client\u2011Subnet Options in dnsmasq", "updated": "2026-05-13T04:30:05.920518+00:00", "vendors": ["dnsmasq", "dnsmasq$PRODUCT$dnsmasq"]}