Medium severity6.5NVD Advisory· Published Mar 31, 2026· Updated Apr 14, 2026
CVE-2026-24029
CVE-2026-24029
Description
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coordsRange: < 1.9.12-150700.3.9.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.