Cyber Posture

CVE-2026-35406

Severity: Medium
Published: 07 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: available (fixed in aardvark-dns 1.17.1)
CVSS Score: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35406 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in containers/aardvark-dns, the DNS server used for container name resolution. Its CVSS v3.1 base score is 6.2 (Medium); the impact is limited to availability.

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The EPSS score places it at the 2.6th percentile by exploit likelihood, well below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling), alongside applying the vendor patch.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: the NIST 800-53 controls listed below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Vendor patch (prevent): directly mitigates the specific flaw. Upgrading to aardvark-dns 1.17.1 eliminates the infinite error loop.

SC-5 Denial-of-service Protection (prevent, detect): protects against denial-of-service attacks through rate limiting, connection throttling, and resource controls (for example CPU limits on the aardvark-dns process), so that truncated TCP DNS queries followed by connection resets cannot exhaust the host's CPU.

SI-11 Error Handling (prevent): requires robust error handling so that malformed TCP input and connection resets terminate the affected connection instead of driving the DNS server into an unrecoverable loop that consumes resources.

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The vulnerability lets an attacker send a crafted, truncated TCP DNS query and then reset the connection, triggering an infinite loop and CPU exhaustion in the aardvark-dns service. That is service unavailability caused by exploiting an application flaw, which maps directly to T1499.004 Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

Deeper analysis

CVE-2026-35406 is a denial-of-service vulnerability in aardvark-dns, an authoritative DNS server for A/AAAA container records. Versions 1.16.0 through 1.17.0 are affected, where a truncated TCP DNS query followed by a connection reset triggers an unrecoverable infinite error loop, consuming 100% CPU. The issue is rated 6.2 on the CVSS v3.1 scale (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-400 (Uncontrolled Resource Consumption) and CWE-835 (Infinite Loop).

The CVSS vector scores this as local (AV:L) with no privileges required, low attack complexity, and no user interaction. aardvark-dns answers queries from containers on a host's container networks, so the malicious traffic has to originate on that host, typically from a workload running in a container attached to one of those networks. By sending a truncated TCP DNS query and then resetting the connection, such an attacker drives aardvark-dns into the infinite loop, leaving it at 100% CPU and unable to serve name resolution for the containers that depend on it (high availability impact).

The vulnerability is fixed in aardvark-dns version 1.17.1. Security practitioners should upgrade to this release, as detailed in the GitHub security advisory (GHSA-hfpq-x728-986j), release notes, and the fixing commit. No workarounds are specified in the available references.
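The following is an added example, written for this page and not taken from aardvark-dns or its fixing commit, that shows the failure shape the analysis describes (a CWE-835 loop that treats a fatal socket error as retryable) next to the error handling SI-11 asks for. The TCP connection is replaced by a scripted in-memory stream (constructed here) that delivers one good DNS-over-TCP frame, then a truncated frame, then fails every read with ConnectionReset, which is what a peer's RST looks like to the reader. The `budget` argument exists only so the fragile loop terminates in a demonstration; the names `read_frame`, `serve_fragile` and `serve_hardened` are this example's own.

```rust
use std::io::{self, Read};

/// Test double for a TCP connection: yields `chunks` in order, then fails
/// every read with `then` (ConnectionReset once the peer has sent RST).
/// Constructed for this example; it is not part of aardvark-dns.
struct ScriptedStream {
    chunks: Vec<Vec<u8>>,
    then: io::ErrorKind,
    pos: usize,
}

impl ScriptedStream {
    fn new(chunks: Vec<Vec<u8>>, then: io::ErrorKind) -> Self {
        ScriptedStream { chunks, then, pos: 0 }
    }
}

impl Read for ScriptedStream {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        while self.pos < self.chunks.len() && self.chunks[self.pos].is_empty() {
            self.pos += 1;
        }
        if self.pos == self.chunks.len() {
            return Err(io::Error::new(self.then, "connection reset by peer"));
        }
        let chunk = &mut self.chunks[self.pos];
        let n = chunk.len().min(buf.len());
        buf[..n].copy_from_slice(&chunk[..n]);
        chunk.drain(..n);
        Ok(n)
    }
}

/// Read one DNS-over-TCP frame: 2-byte big-endian length prefix, then the
/// message (RFC 7766). A truncated frame surfaces as UnexpectedEof, or as
/// ConnectionReset if the peer resets mid-frame. The u16 prefix bounds the
/// allocation at 65535 bytes.
fn read_frame<R: Read>(conn: &mut R) -> io::Result<Vec<u8>> {
    let mut len = [0u8; 2];
    conn.read_exact(&mut len)?;
    let mut msg = vec![0u8; u16::from_be_bytes(len) as usize];
    conn.read_exact(&mut msg)?;
    Ok(msg)
}

/// Fragile per-connection loop (the CWE-835 shape): every read error is
/// treated as retryable. Once the peer has reset, each retry fails instantly
/// with the same error, so the loop spins at 100% CPU. `budget` caps the
/// iterations only so this demonstration terminates; a real server has no cap.
/// Returns (frames served, loop iterations consumed).
fn serve_fragile<R: Read>(conn: &mut R, budget: usize) -> (usize, usize) {
    let (mut served, mut iterations) = (0usize, 0usize);
    while iterations < budget {
        iterations += 1;
        match read_frame(conn) {
            Ok(_query) => served += 1,
            Err(_) => continue, // bug: a fatal error is never allowed to end the loop
        }
    }
    (served, iterations)
}

/// Hardened loop: any read error on a stream socket (EOF, truncated frame,
/// RST) means the connection is unusable, so the handler closes it and
/// returns. The only retryable kind, Interrupted, is already retried inside
/// `read_exact`, so nothing is lost by treating every remaining error as final.
fn serve_hardened<R: Read>(conn: &mut R, budget: usize) -> (usize, usize) {
    let (mut served, mut iterations) = (0usize, 0usize);
    while iterations < budget {
        iterations += 1;
        match read_frame(conn) {
            Ok(_query) => served += 1,
            Err(e) => {
                eprintln!("closing connection: {e}");
                break;
            }
        }
    }
    (served, iterations)
}

/// Scenario from the advisory text, constructed here: one well-formed frame,
/// then a frame whose length prefix promises 12 bytes but only 3 arrive,
/// then the peer resets the connection.
fn reset_after_truncation() -> ScriptedStream {
    ScriptedStream::new(
        vec![
            vec![0x00, 0x05, 0xde, 0xad, 0xbe, 0xef, 0x00], // complete 5-byte payload
            vec![0x00, 0x0c, 0xaa, 0xbb, 0xcc],             // truncated: 3 of 12 bytes
        ],
        io::ErrorKind::ConnectionReset,
    )
}

fn main() {
    let fragile = serve_fragile(&mut reset_after_truncation(), 1000);
    let hardened = serve_hardened(&mut reset_after_truncation(), 1000);
    println!("fragile:  served={} iterations={}", fragile.0, fragile.1); // 1 served, budget of 1000 exhausted
    println!("hardened: served={} iterations={}", hardened.0, hardened.1); // 1 served, exits on iteration 2
}
```

The contrast is the whole lesson: both loops serve the one good query, but the fragile one burns every iteration it is given after the reset, while the hardened one exits on the first error from a connection that can never recover. Whatever the real code path in the affected releases looked like, the fix has to have this property, and it is the property a reviewer should look for in any length-prefixed TCP reader.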

Details

CWE(s): CWE-400 Uncontrolled Resource Consumption, CWE-835 Infinite Loop

Affected Products

containers / aardvark-dns: 1.16.0 through 1.17.0 inclusive (fixed in 1.17.1)
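To check an installed copy against that range, here is an added helper (not aardvark-dns code) that pulls the first `major.minor.patch` token out of free-form text such as the output of `aardvark-dns --version` or a distribution package version string, and compares it as a tuple. It assumes the version appears as three dot-separated numbers, possibly followed by a distro suffix such as `-1.fc41`, which it ignores.

```rust
/// Parse the leading run of ASCII digits in `s` (so "0-1.fc41" yields 0).
fn leading_number(s: &str) -> Option<u32> {
    let digits: String = s.chars().take_while(|c| c.is_ascii_digit()).collect();
    digits.parse().ok()
}

/// Find the first `major.minor.patch` token in free-form text, e.g. the
/// output of `aardvark-dns --version` (output format assumed, not verified).
fn parse_version(text: &str) -> Option<(u32, u32, u32)> {
    text.split_whitespace()
        .map(|tok| tok.trim_start_matches('v'))
        .filter_map(|tok| {
            let mut parts = tok.split('.');
            let major = parts.next().and_then(leading_number)?;
            let minor = parts.next().and_then(leading_number)?;
            let patch = parts.next().and_then(leading_number)?;
            Some((major, minor, patch))
        })
        .next()
}

/// Range taken from the advisory: 1.16.0 through 1.17.0 are affected,
/// 1.17.1 carries the fix. Tuple comparison is lexicographic, which is
/// exactly semantic-version ordering for numeric components.
const FIRST_AFFECTED: (u32, u32, u32) = (1, 16, 0);
const FIXED_IN: (u32, u32, u32) = (1, 17, 1);

fn is_affected(version: (u32, u32, u32)) -> bool {
    version >= FIRST_AFFECTED && version < FIXED_IN
}

/// Convenience wrapper: returns None if no version could be parsed.
fn text_is_affected(text: &str) -> Option<bool> {
    parse_version(text).map(is_affected)
}

fn main() {
    // Constructed sample strings; the first mimics the shape of `aardvark-dns --version` output.
    for sample in ["aardvark-dns 1.17.0", "aardvark-dns 1.17.1", "1.15.2-1.fc41", "no version here"] {
        match text_is_affected(sample) {
            Some(true) => println!("{sample:?}: AFFECTED, upgrade to 1.17.1"),
            Some(false) => println!("{sample:?}: not affected"),
            None => println!("{sample:?}: could not parse a version"),
        }
    }
}
```

On a Podman host the version can also be read from the aardvark-dns binary Podman invokes (commonly under the libexec directory of the netavark installation) or from the distribution package metadata; either string feeds the same check.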

CVEs Like This One

CVE-2026-26066 (shared CWE-400, CWE-835)
CVE-2025-9464 (shared CWE-400)
CVE-2026-2219 (shared CWE-835)
CVE-2024-53458 (shared CWE-400)
CVE-2024-57085 (shared CWE-400)
CVE-2024-56921 (shared CWE-400)
CVE-2026-33538 (shared CWE-400)
CVE-2025-9280 (shared CWE-400)
CVE-2026-28412 (shared CWE-400)
CVE-2026-33750 (shared CWE-400)

References

GHSA-hfpq-x728-986j: GitHub security advisory for aardvark-dns, with the 1.17.1 release notes and fixing commit (cited in the analysis above)