CVE-2026-2291

Name of the Vulnerable Software and Affected Versions dnsmasq (affected versions not specified)

Description The extract name() function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS cache entries, potentially redirecting DNS lookups to an attacker-controlled IP address or causing a Denial of Service (DoS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.