CVE-2026-10846
Description
ldns versions 1.2.0-1.9.0 are vulnerable to off-path DNS poisoning due to insufficient validation of query/response matching over UDP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
NLnet Labs ldns versions 1.2.0 up to and including 1.9.0, when used as a (stub) resolver over UDP, fail to properly match the query destination address and port with the response source address and port. Additionally, the query ID and question are not matched with the response, making applications using ldns vulnerable to off-path poisoning attacks. The drill tool is also affected [1].
Exploitation
An attacker can exploit this vulnerability by sending forged DNS responses to a victim application using ldns over UDP. The attacker does not need network access to the victim or authentication, and no user interaction is required. The vulnerability lies in the insufficient validation of the source address, port, query ID, and question of incoming DNS responses [1].
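The checks described above, as an added C example that is not ldns code: a minimal validator that accepts a UDP reply only when its source address/port, transaction ID, QR bit and question section all match the outstanding query. Addresses are modelled as host-order IPv4 integers and ports in host order; the three packets are constructed samples (an A query for example.com, its genuine reply, and the same reply with a different transaction ID).

```c
/* Added example (not ldns code): the reply-matching a UDP stub resolver must do before
 * trusting a response. Addresses modelled as host-order IPv4 ints, ports in host order. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <ctype.h>
#define DNS_HDR 12 /* fixed DNS header size */

/* Length of the single question (name + type + class) at offset 12, 0 if malformed. */
static size_t question_len(const uint8_t *m, size_t len) {
    size_t i = DNS_HDR;
    for (;;) {
        if (i >= len) return 0;
        uint8_t l = m[i];
        if (l == 0) { i++; break; }
        if (l > 63) return 0;                 /* compression pointer or bogus label */
        i += 1 + l;
    }
    return (i + 4 > len) ? 0 : i + 4 - DNS_HDR;
}
/* 1 if r, received from (rsrc_ip, rsrc_port), is a valid reply to q sent to (qdst_ip,
 * qdst_port): source address/port, transaction ID, QR bit and question must all match. */
int dns_response_matches(const uint8_t *q, size_t qlen, uint32_t qdst_ip, uint16_t qdst_port,
                         const uint8_t *r, size_t rlen, uint32_t rsrc_ip, uint16_t rsrc_port) {
    if (rsrc_ip != qdst_ip || rsrc_port != qdst_port) return 0;    /* reply source must be the server asked */
    if (qlen < DNS_HDR || rlen < DNS_HDR) return 0;
    if (q[0] != r[0] || q[1] != r[1]) return 0;                    /* transaction ID */
    if ((q[2] & 0x80) || !(r[2] & 0x80)) return 0;                  /* QR: 0 query, 1 reply */
    if (q[4] != 0 || q[5] != 1 || r[4] != 0 || r[5] != 1) return 0; /* QDCOUNT == 1 */
    size_t ql = question_len(q, qlen), rl = question_len(r, rlen);
    if (ql == 0 || ql != rl) return 0;
    for (size_t i = 0; i < ql; i++) {            /* name labels compared case-insensitively */
        uint8_t a = q[DNS_HDR + i], b = r[DNS_HDR + i];
        if (i < ql - 4) { a = (uint8_t)tolower(a); b = (uint8_t)tolower(b); }
        if (a != b) return 0;
    }
    return 1;
}
/* Constructed packets: query for example.com A, its reply, and a forged reply with ID 0x9999. */
static const uint8_t QUERY[] = { 0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
static const uint8_t REPLY[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0, 7,'e','x','a','m','p','l','e',
    3,'c','o','m', 0, 0,1, 0,1, 0xc0,0x0c, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
static const uint8_t FORGED[] = { 0x99,0x99, 0x81,0x80, 0,1, 0,1, 0,0, 0,0, 7,'e','x','a','m','p','l','e',
    3,'c','o','m', 0, 0,1, 0,1, 0xc0,0x0c, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };

int main(void) {
    uint32_t ns = 0x0A000001; /* 10.0.0.1: the server the query was sent to */
    printf("genuine accepted: %d, forged ID rejected: %d, wrong source port rejected: %d\n",
           dns_response_matches(QUERY, sizeof QUERY, ns, 53, REPLY, sizeof REPLY, ns, 53),
           !dns_response_matches(QUERY, sizeof QUERY, ns, 53, FORGED, sizeof FORGED, ns, 53),
           !dns_response_matches(QUERY, sizeof QUERY, ns, 53, REPLY, sizeof REPLY, ns, 5353));
    return 0;
}
```

A real resolver additionally needs to randomise the transaction ID and source port per query; this validator only shows the matching side that the advisory says was missing.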
Impact
Successful exploitation allows an attacker to perform DNS cache poisoning. This can lead to redirecting network traffic to malicious servers, potentially resulting in significant information disclosure or other security compromises, depending on the application's use of the poisoned DNS data [1].
Mitigation
There is no specific fixed version or release date disclosed in the available references. Users are advised to check for updated versions of ldns or consult the vendor for mitigation strategies. It is not yet known if this vulnerability is listed on the Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on Jun 10, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.