CVE Catalog

CVE-2026-42004

Low · CVSS 3.7

Summary

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Risk Assessment

An attacker can bypass DNSdist's EDNS filtering rules and deliver unwanted EDNS options to the backend, which may lead to unauthorized data processing or attacks on the DNS server.

Recommendation

Update DNSdist immediately to the latest version that includes a fix for this vulnerability, and verify the configuration of the EDNS filtering rules.
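One way to verify what the filtering rules actually let through, as an added example that is not DNSdist's or this catalog's own code: parse queries as they arrive at the backend and list every EDNS option code outside an allowlist. The allowlist (ECS only), the function names and the sample query are assumptions constructed for illustration.

```python
import struct

ECS, OPT = 8, 41  # EDNS Client Subnet option code (RFC 7871), OPT RR type (RFC 6891)

def skip_name(msg, off):  # offset just past a (possibly compressed) domain name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def edns_options(msg):
    """Return one list of (option_code, length) per OPT record found in the message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    records = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        end = off + rdlen
        if end > len(msg):
            raise ValueError("RDATA overruns message")
        if rtype == OPT:
            found, pos = [], off
            while pos < end:
                if pos + 4 > end:
                    raise ValueError("truncated EDNS option header")
                code, length = struct.unpack_from("!HH", msg, pos)
                if pos + 4 + length > end:
                    raise ValueError("EDNS option overruns RDATA")
                found.append((code, length))
                pos += 4 + length
            records.append(found)
        off = end
    return records

def unexpected_options(msg, allowed=frozenset({ECS})):
    """Option codes the backend received that the (assumed) policy should have filtered."""
    return sorted({c for rec in edns_options(msg) for c, _ in rec if c not in allowed})

# Constructed sample: query for example.com carrying ECS (8) and a COOKIE option (10).
_rdata = struct.pack("!HHHBB", ECS, 7, 1, 24, 0) + bytes([192, 0, 2]) + struct.pack("!HH", 10, 8) + bytes(8)
SAMPLE = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
          + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(_rdata)) + _rdata)

if __name__ == "__main__":
    print(unexpected_options(SAMPLE))
```

Run it over UDP payloads captured on the backend side of DNSdist; any code it reports is an option that reached the backend despite the filtering rules.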

Original NVD description (English source)

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS