Security Advisory

CVE-2026-24029

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 11:59:12

Last updated 2026-03-31 13:15:37

Assigner OX

State PUBLISHED

Description

When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.

← Browse all CVEs View on cve.org ↗