CVE-2026-27854

Name of the Vulnerable Software and Affected Versions DNSdist (affected versions not specified)

Description An attacker may be able to trigger a use-after-free condition by sending specially crafted DNS queries to DNSdist when using custom Lua code. This occurs through the DNSQuestion:getEDNSOptions method. Specifically, DNSQuestion:getEDNSOptions might reference a modified version of the DNS packet, leading to a use-after-free and potentially causing a denial of service due to a crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.