TL;DR
CERT has announced the release of six CVEs for critical security vulnerabilities in dnsmasq, affecting most recent versions. Vendors are expected to release patches soon, as developers work on updates to fix these long-standing bugs.
CERT has issued six security CVEs for dnsmasq, revealing long-standing vulnerabilities affecting most recent versions. These flaws pose significant security risks, prompting vendors and developers to prepare patches and updates.
The vulnerabilities were disclosed by CERT on May 11, 2026, and are described as serious, long-standing bugs impacting nearly all current non-legacy dnsmasq releases. The CVEs have been pre-disclosed to vendors, who are expected to release patched versions shortly. Simon Kelley, a dnsmasq developer, confirmed that a new ‘2.92rel2’ release has been made available, incorporating patches for these vulnerabilities, and that the development branch will soon include fixes in the upcoming ‘2.93’ release candidate. Kelley noted that some patches address root causes with comprehensive rewrites, while others are backports of existing fixes. The vulnerabilities are believed to have been exploited or at least discovered through AI-driven security research, emphasizing the urgency of the patches.
Why It Matters
This development matters because dnsmasq is widely used in network infrastructure, including routers, small business networks, and embedded systems. Critical vulnerabilities can lead to remote code execution, denial of service, or data breaches, making timely patching essential to prevent exploitation.
Security Patch, 2 Pcs Reflective Security Hook and Loop Patch for Vest Printed Letters Embroidery Patches for Officer Guard Custom Uniforms Vest, Jacket, Carrier, Bag, Hat (Black, 1 Small and 1 Large)
【Package Content】The package contains two security patches for vest, one small (5.5 x 2.5 inches) and one large…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
dnsmasq is a popular DNS and DHCP server used globally. Prior to this disclosure, multiple security issues had been identified, but these six CVEs represent long-standing bugs that have persisted across versions. The disclosure follows a recent surge in AI-generated bug reports, which have accelerated bug discovery and disclosure processes. Historically, security flaws in dnsmasq have been patched in incremental updates, but the current vulnerabilities are described as severe enough to warrant immediate attention.
“These are long-standing bugs which apply to pretty much all non-ancient versions. The CVE has been pre-disclosed to vendors, so hopefully they will be releasing patched versions in a timely manner.”
— Simon Kelley
NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference
Portable, handheld form factor – Take it anywhere for on-site security testing. This field-ready tool gives you visibility…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear whether any systems have been actively exploited using these vulnerabilities or the full scope of their impact. Details about the specific nature of the bugs and potential exploitation vectors are still emerging.
WORKPRO Compact Router Kit, 6.5 Amp Corded Hand Trimmer Router Tool, 6 Variable Speeds Wood Router for Woodworking Slotting Trimming
Powerful Motor: The 6.5 amp motor provides ample power for routing and trimming applications. The speed control dial…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Vendors are expected to release official patches for affected versions shortly. Users and administrators should monitor updates from their vendors and apply patches promptly. The upcoming dnsmasq 2.93 release is anticipated to include comprehensive fixes for these CVEs.
Gaobige Network Tool Kit for Cat5 Cat5e Cat6, 11 in 1 Portable Ethernet Cable Crimper Kit with a Ethernet Crimping Tool, 8p8c 6p6c Connectors rj45 rj11 Cat5 Cat6 Cable Tester, 110 Punch Down Tool
Complete Network Tool Kit for Cat5 Cat5e Cat6, Convenient for Our Work: 11-in-1 network tool kit includes a…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What are the specific vulnerabilities in dnsmasq?
The CVEs address multiple long-standing bugs affecting dnsmasq’s DNS and DHCP functionalities, potentially enabling remote code execution or denial of service. Exact technical details are available in the official CVE disclosures.
Are all versions of dnsmasq affected?
The vulnerabilities apply to most recent non-legacy versions, including the current stable release 2.92 and development branches. Older or heavily modified versions may be unaffected.
When will patches be available?
Vendors are expected to release patched versions soon, with the dnsmasq 2.92rel2 already available and the upcoming 2.93 release including fixes. Users should stay alert for official updates.
How can I protect my systems in the meantime?
Administrators should monitor vendor advisories, disable dnsmasq if possible, or restrict network access until patches are applied. Implementing network segmentation can also limit potential damage.
