CERT releases six serious security CVEs for dnsmasq
Original: CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
Why This Matters
Major security updates for dnsmasq, a widely used DNS/DHCP server
CERT released six CVEs for serious security vulnerabilities in dnsmasq on May 11, 2026. The bugs affect nearly all non-ancient versions and have been pre-disclosed to vendors. A patched 2.92rel2 release is available.
Simon Kelley announced that CERT released six CVEs for serious, long-standing security vulnerabilities in dnsmasq affecting nearly all non-ancient versions. The CVEs were pre-disclosed to vendors to allow timely patches. A patched 2.92rel2 release with the fixes applied is now available. Kelley noted that a revolution in AI-based security research has led to numerous bug reports requiring extensive triaging. He emphasized prioritizing immediate fixes over long embargoes, stating that bad actors have likely already discovered these vulnerabilities. Multiple security-fix commits were made to the git repository prior to this announcement. Dnsmasq-2.93rc1 will be tagged soon, with a stable 2.93 release planned within a week, prioritizing timeliness over comprehensive fixes.