Skip to main content

dnsdist CVE-2026-40210

| EUVDEUVD-2026-39349 MEDIUM
Buffer Over-read (CWE-126)
2026-06-25 security@open-xchange.com GHSA-5292-qc6p-vf38
4.8
CVSS 3.1 · Vendor: open-xchange
Share

Severity by source

Vendor (open-xchange) PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
vuln.today AI
4.8 MEDIUM

Network-reachable without credentials, but AC:H reflects the non-default SetMacAddrAction configuration prerequisite; no integrity impact; memory disclosure and crash are each low severity.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Primary rating from Vendor (open-xchange).

CVSS VectorVendor: open-xchange

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 14:16 EUVD
Analysis Generated
Jun 25, 2026 - 13:32 vuln.today

DescriptionCVE.org

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

AnalysisAI

dnsdist's SetMacAddrAction handler exposes operators to uninitialized memory leakage in DNS responses and potential service crashes when the action is configured in the ruleset. The flaw is reachable over the network without authentication (AV:N/PR:N), but the high attack complexity (AC:H) constrains real-world impact to deployments that have explicitly enabled SetMacAddrAction - a non-default configuration. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send DNS query to exposed dnsdist listener
Exploit
Trigger SetMacAddrAction rule processing
Execution
Out-of-bounds read in MAC address buffer handler
Impact
Uninitialized memory embedded in DNS response or dnsdist process crash

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target dnsdist instance has SetMacAddrAction explicitly configured in its ruleset - this is a non-default, operator-defined action absent from standard dnsdist deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 4.8 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L is a reasonable representation of the constrained threat surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker sends DNS queries to a dnsdist instance that has SetMacAddrAction active in its policy ruleset, crafting or sending traffic that exercises the MAC address processing path. The out-of-bounds read causes dnsdist to embed uninitialized process memory fragments into the DNS response packets returned to the querying client, potentially leaking sensitive in-memory data to the attacker, or crashes the dnsdist process and disrupts DNS service for all downstream clients. …
Remediation The primary remediation is to upgrade dnsdist to the fixed version specified in the PowerDNS security advisory at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html - no specific patch version number is derivable from the available data, so that advisory must be consulted directly. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-40210 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy