Security Advisory

CVE-2026-27854

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 12:06:46

Last updated 2026-04-02 13:46:22

Assigner OX

State PUBLISHED

Description

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.

← Browse all CVEs View on cve.org ↗