Cyber Resilience

CVE-2026-35406

Severity: Medium
Published: 07 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: available (1.17.1)
CVSS v3.1 score: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0001 (2.6th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35406 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in aardvark-dns (vendor: containers). Its CVSS base score is 6.2 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique T1499.004 (Application or System Exploitation). The CVE ranks at the 2.6th percentile by EPSS exploit likelihood (well below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-35406 is a denial-of-service vulnerability in aardvark-dns, an authoritative DNS server for A/AAAA container records. Versions 1.16.0 through 1.17.0 are affected: a truncated TCP DNS query followed by a connection reset triggers an unrecoverable infinite error loop that consumes 100% CPU. The issue is rated 6.2 on the CVSS v3.1 scale (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-400 (Uncontrolled Resource Consumption) and CWE-835 (Infinite Loop).

A local attacker with no privileges required can exploit this vulnerability with low complexity and no user interaction. By sending a specially crafted truncated TCP DNS query and then resetting the connection, the attacker causes aardvark-dns to enter the infinite loop, resulting in high availability impact through complete CPU exhaustion and service unavailability.

The vulnerability is fixed in aardvark-dns version 1.17.1. Security practitioners should upgrade to this release, as detailed in the GitHub security advisory (GHSA-hfpq-x728-986j), release notes, and the fixing commit. No workarounds are specified in the available references.
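The failure mode described above, as an added illustration that is not aardvark-dns's code and not the fixing commit: a Rust reader for RFC 1035 TCP-framed DNS messages (two-byte big-endian length prefix, then payload) whose read loop returns on truncation or a peer reset instead of retrying the failed read forever, which is the CWE-835 pattern a connection-handling loop must avoid. `TruncatedThenReset` is a constructed test double that delivers a short query and then reports a connection reset; `MAX_RETRIES` and all function names are assumptions.

```rust
use std::io::{self, ErrorKind, Read};
// Assumed cap on Interrupted retries; any other error returns (CWE-835 guard).
const MAX_RETRIES: u32 = 8;

/// Fill `buf` completely; EOF, a reset, or any other error ends the read.
fn read_exact_bounded<R: Read>(r: &mut R, buf: &mut [u8]) -> io::Result<()> {
    let (mut filled, mut retries) = (0usize, 0u32);
    while filled < buf.len() {
        match r.read(&mut buf[filled..]) {
            Ok(0) => return Err(io::Error::new(ErrorKind::UnexpectedEof, "truncated DNS message")),
            Ok(n) => { filled += n; retries = 0; }
            Err(e) if e.kind() == ErrorKind::Interrupted && retries < MAX_RETRIES => retries += 1,
            Err(e) => return Err(e), // ConnectionReset etc.: the caller drops the connection
        }
    }
    Ok(())
}

/// Read one RFC 1035 TCP-framed DNS message; Ok(None) means a clean close between messages.
pub fn read_tcp_dns_message<R: Read>(r: &mut R) -> io::Result<Option<Vec<u8>>> {
    let mut len = [0u8; 2];
    if r.read(&mut len[..1])? == 0 { return Ok(None); }
    read_exact_bounded(r, &mut len[1..])?;
    let mut payload = vec![0u8; u16::from_be_bytes(len) as usize];
    read_exact_bounded(r, &mut payload)?;
    Ok(Some(payload))
}

/// Per-connection loop: the first error ends the loop and the connection; returns (messages read, error kind).
pub fn serve_connection<R: Read>(r: &mut R) -> (usize, Option<ErrorKind>) {
    let mut handled = 0;
    loop {
        match read_tcp_dns_message(r) {
            Ok(Some(_query)) => handled += 1, // a real server would build the answer here
            Ok(None) => return (handled, None),
            Err(e) => return (handled, Some(e.kind())),
        }
    }
}
/// Constructed test double: delivers `data`, then reports a peer reset on every further read.
pub struct TruncatedThenReset { pub data: Vec<u8>, pub pos: usize }
impl Read for TruncatedThenReset {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        if self.pos >= self.data.len() { return Err(io::Error::new(ErrorKind::ConnectionReset, "peer reset")); }
        let n = (self.data.len() - self.pos).min(buf.len());
        buf[..n].copy_from_slice(&self.data[self.pos..self.pos + n]);
        self.pos += n;
        Ok(n)
    }
}
```

The point is the shape of `serve_connection`: every error arm leaves the loop, so a short query followed by a reset costs one connection teardown rather than a spinning core.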

Vulnerability details

Aardvark-dns is an authoritative DNS server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

CWE(s): CWE-400 (Uncontrolled Resource Consumption), CWE-835 (Infinite Loop)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A crafted truncated TCP DNS query triggers an infinite loop and CPU exhaustion in the aardvark-dns service, which maps directly to T1499.004 Application or System Exploitation: exploiting a software flaw to cause service unavailability.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26066 (shared CWE-400, CWE-835)
CVE-2024-56921 (shared CWE-400)
CVE-2026-21945 (shared CWE-400)
CVE-2024-33618 (shared CWE-400)
CVE-2025-9278 (shared CWE-400)
CVE-2026-41135 (shared CWE-400)
CVE-2026-20650 (shared CWE-400)
CVE-2025-71031 (shared CWE-400)
CVE-2025-25293 (shared CWE-400)
CVE-2026-34282 (shared CWE-400)

Affected Assets

Vendor: containers
Product: aardvark-dns
Versions: 1.16.0 — 1.17.1

Mitigating Controls (NIST 800-53 r5)

Vendor patch (prevent): directly mitigates the specific flaw by applying the vendor patch, aardvark-dns version 1.17.1, which eliminates the infinite error loop.

SC-5 Denial-of-service Protection (prevent, detect): protects against denial-of-service attacks by implementing rate limiting, connection throttling, and resource controls to counter truncated TCP DNS queries and resets that cause CPU exhaustion.

SI-11 Error Handling (prevent): ensures robust error handling that prevents unrecoverable infinite loops and resource consumption from malformed TCP inputs and connection resets in the DNS server.