High severity8.4NVD Advisory· Published May 11, 2026· Updated May 12, 2026
CVE-2026-4892
CVE-2026-4892
Description
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords7 versionspkg:apk/chainguard/dnsmasqpkg:apk/wolfi/dnsmasqpkg:rpm/almalinux/dnsmasqpkg:rpm/almalinux/dnsmasq-utilspkg:rpm/opensuse/dnsmasq&distro=openSUSE%20Tumbleweedpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 2.93-r0+ 6 more
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.90-7.el10_2
- (no CPE)range: < 2.90-7.el10_2
- (no CPE)range: < 2.92rel2-1.1
- (no CPE)range: < 2.92rel2-18.27.1
- (no CPE)range: < 2.92rel2-18.27.1
Patches
Vulnerability mechanics
References
6News mentions
2- OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security FlawsThe Hacker News · Jun 23, 2026
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026