High severity7.5OSV Advisory· Published May 3, 2024· Updated Apr 15, 2026
CVE-2024-34446
CVE-2024-34446
Description
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2017.1-alpha4, 2017.1-alpha5, 2017.1-beta1, …
- Range: <=2024.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.