Cyber Resilience

CVE-2026-6507

High

Published: 17 April 2026

Published
17 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0005 15.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6507 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-6507 is an out-of-bounds write vulnerability (CWE-787) in the dnsmasq DNS and DHCP server. It affects dnsmasq instances configured with the --dhcp-split-relay option, where a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet triggers memory corruption in the daemon process. The vulnerability was published on 2026-04-17 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with low attack complexity.

A remote, unauthenticated attacker can exploit this flaw by sending a malicious BOOTREPLY packet to the vulnerable dnsmasq server over the network. Successful exploitation leads to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial-of-service condition that disrupts DHCP and DNS services for affected clients.

Red Hat has documented the issue in its security advisory at https://access.redhat.com/security/cve/CVE-2026-6507 and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2459181, which provide details on affected versions and available patches or mitigations.

EU & UK References

Vulnerability details

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption,…

more

causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote exploitation of dnsmasq via crafted BOOTREPLY packets to cause memory corruption and service crash, directly facilitating Endpoint Denial of Service through Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-24422Shared CWE-787
CVE-2026-41989Shared CWE-787
CVE-2025-13151Shared CWE-787
CVE-2020-37208Shared CWE-787
CVE-2026-43656Shared CWE-787
CVE-2025-24326Shared CWE-787
CVE-2021-47786Shared CWE-787
CVE-2019-25478Shared CWE-787
CVE-2026-27853Shared CWE-787
CVE-2026-24827Shared CWE-787

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds write vulnerability by applying vendor patches to affected dnsmasq versions.

prevent

Prohibits or restricts the --dhcp-split-relay option in dnsmasq unless essential, preventing exposure to the crafted BOOTREPLY packet trigger.

preventdetect

Limits the effects of denial-of-service attacks exploiting memory corruption crashes from malicious BOOTREPLY packets sent to dnsmasq.

References