You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
dnsmasq
About this tag
The dnsmasq tag on WindowsForum covers vulnerabilities and security issues affecting the dnsmasq DNS forwarder, particularly those disclosed in May 2026. While dnsmasq is not a Windows component, these flaws impact Windows users because dnsmasq is widely used in routers, Pi-hole devices, Linux containers, WSL environments, and other network infrastructure that Windows networks depend on. Discussions focus on CVEs such as CVE-2026-4891 (DNSSEC validation heap read), CVE-2026-4890 (DNSSEC denial of service), and CVE-2026-4893 (EDNS Client Subnet info leak). The recurring theme is that Windows administrators must patch upstream DNS services to protect their mixed environments, as DNS is a shared dependency across platforms.
CVE-2026-4891 is a dnsmasq DNSSEC validation flaw disclosed on May 11, 2026, in which crafted DNS packets can trigger a heap-based out-of-bounds read, exposing memory information or contributing to service disruption in systems that rely on vulnerable dnsmasq builds. The oddity is not that a...
CVE-2026-4890 is a high-severity dnsmasq denial-of-service vulnerability disclosed on May 11, 2026, in which a remote attacker can use a crafted DNS packet against DNSSEC validation to make the resolver unavailable, affecting Linux distributions, appliances, and embedded network products that...
CVE-2026-4893 is a medium-severity information disclosure vulnerability in dnsmasq, published on May 11, 2026, that allows a remote unauthenticated attacker to bypass source checks by sending a crafted DNS packet containing RFC 7871 EDNS Client Subnet information. The bug is not a...