Cyber Resilience

CVE-2026-27831

High

Published: 26 February 2026
Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (19.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27831 is a high-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 19.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27831 is a heap-based out-of-bounds read vulnerability (CWE-125) affecting rldns, an open source DNS server. The issue exists in version 1.3, where improper bounds checking during memory access leads to a denial of service condition. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for remote disruption without authentication or user interaction.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity by sending a specially crafted DNS query to the rldns server running version 1.3. Successful exploitation triggers the out-of-bounds read on the heap, causing the server process to crash and resulting in a denial of service that disrupts DNS resolution services for affected systems.

Advisories from the rldns GitHub security page (GHSA-fv38-45j4-g9x4) and related analyses confirm that version 1.4 includes a patch addressing the heap out-of-bounds read. Security practitioners should upgrade to rldns 1.4 or later, with patch details available in the provided diff file and advisory reports.

Vulnerability details

rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote, unauthenticated heap out-of-bounds read in a public-facing DNS server directly enables T1190 (exploiting a public-facing application over the network) to achieve T1499.004 (application crash/DoS via a crafted query).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-41604 (shared CWE-125)
CVE-2026-30997 (shared CWE-125)
CVE-2026-40890 (shared CWE-125)
CVE-2026-26008 (shared CWE-125)
CVE-2026-41475 (shared CWE-125)
CVE-2026-25898 (shared CWE-125)
CVE-2026-21888 (shared CWE-125)
CVE-2026-4750 (shared CWE-125)
CVE-2026-41503 (shared CWE-125)
CVE-2026-26264 (shared CWE-125)

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the heap-based out-of-bounds read by requiring timely identification, reporting, and patching of the flaw as fixed in rldns version 1.4.

prevent

Addresses the root cause of improper bounds checking on crafted DNS queries by enforcing validation of all information inputs to the DNS server.

prevent

Provides system-level memory protections such as heap hardening and randomization to mitigate the impact of out-of-bounds reads on the DNS server process.
