CVE-2026-6507

Vulnerability

Overview

CVE-2026-6507 is an out-of-bounds write vulnerability in dnsmasq, a lightweight DNS and DHCP server. The flaw occurs during the processing of specially crafted BOOTREPLY (Bootstrap Protocol Reply) packets when the --dhcp-split-relay option is configured [1]. This option enables split-relay functionality for DHCP messages, and the improper handling of certain packet fields leads to memory corruption.

Exploitation

An attacker can exploit this vulnerability remotely without authentication by sending a malicious BOOTREPLY packet to a vulnerable dnsmasq server. The attack requires the server to have the --dhcp-split-relay option enabled, which is not a default configuration [2]. No special network position is needed beyond the ability to send UDP packets to the DHCP server port.

Impact

Successful exploitation results in memory corruption that causes the dnsmasq daemon to crash, leading to a denial of service (DoS). This disrupts DNS and DHCP services for all clients relying on the affected server. The CVSS v3 base score is 7.5 (High), reflecting the ease of remote exploitation and the potential for service interruption [1].

Mitigation

Red Hat has acknowledged the vulnerability and assigned it a medium priority. As of the publication date, a patch is not yet available; users are advised to monitor the referenced bug tracker for updates [2]. Disabling the --dhcp-split-relay option, if not required, can mitigate the risk. The vulnerability is not known to be exploited in the wild or listed in CISA's Known Exploited Vulnerabilities catalog.