Cyber Posture

CVE-2026-6507

High

Published: 17 April 2026

Published
17 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0004 13.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6507 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-5 (Denial-of-service Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the out-of-bounds write vulnerability by applying vendor patches to affected dnsmasq versions.

CM-7 Least Functionality good match
prevent

Prohibits or restricts the --dhcp-split-relay option in dnsmasq unless essential, preventing exposure to the crafted BOOTREPLY packet trigger.

SC-5 Denial-of-service Protection good match
preventdetect

Limits the effects of denial-of-service attacks exploiting memory corruption crashes from malicious BOOTREPLY packets sent to dnsmasq.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote exploitation of dnsmasq via crafted BOOTREPLY packets to cause memory corruption and service crash, directly facilitating Endpoint Denial of Service through Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption,…

more

causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).

Deeper analysisAI

CVE-2026-6507 is an out-of-bounds write vulnerability (CWE-787) in the dnsmasq DNS and DHCP server. It affects dnsmasq instances configured with the --dhcp-split-relay option, where a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet triggers memory corruption in the daemon process. The vulnerability was published on 2026-04-17 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with low attack complexity.

A remote, unauthenticated attacker can exploit this flaw by sending a malicious BOOTREPLY packet to the vulnerable dnsmasq server over the network. Successful exploitation leads to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial-of-service condition that disrupts DHCP and DNS services for affected clients.

Red Hat has documented the issue in its security advisory at https://access.redhat.com/security/cve/CVE-2026-6507 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2459181, which provide details on affected versions and available patches or mitigations.

Details

CWE(s)
CWE-787

CVEs Like This One

CVE-2026-6069Shared CWE-787
CVE-2025-25372Shared CWE-787
CVE-2024-7695Shared CWE-787
CVE-2025-24139Shared CWE-787
CVE-2025-27598Shared CWE-787
CVE-2025-13151Shared CWE-787
CVE-2025-24326Shared CWE-787
CVE-2026-29775Shared CWE-787
CVE-2026-41989Shared CWE-787
CVE-2026-24827Shared CWE-787

References