CVE Notify
19.1K subscribers
4 photos
185K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-40208
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

πŸŽ–@cveNotify
🚨 CVE-2026-40210
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

πŸŽ–@cveNotify
🚨 CVE-2026-40211
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.

πŸŽ–@cveNotify
🚨 CVE-2026-42004
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

πŸŽ–@cveNotify
🚨 CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in
Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated
user with the UserGroupsView permission to coerce server-side
authentication to an attacker-controlled host, exposing PAM provider
credentials as a NTLMv2 challenge-response, via a crafted DomainName
parameter.

πŸŽ–@cveNotify
🚨 CVE-2026-40012
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

πŸŽ–@cveNotify
🚨 CVE-2026-42387
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

πŸŽ–@cveNotify
🚨 CVE-2026-42388
Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

πŸŽ–@cveNotify
🚨 CVE-2026-42389
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

πŸŽ–@cveNotify
🚨 CVE-2026-42390
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

πŸŽ–@cveNotify
🚨 CVE-2026-52690
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

πŸŽ–@cveNotify
🚨 CVE-2026-13222
Our payment integration with Oppwa-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.

πŸŽ–@cveNotify
🚨 CVE-2026-13223
Our payment integration with Computop-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply it to the
system for a different payment, gaining access to multiple valid
tickets with only one payment.

πŸŽ–@cveNotify