Internet Explorer is no longer supported. Many things will still work, but your experience will be degraded and some things won't function. Please use a modern browser such as Edge, Chrome, or Firefox.
Inedo Security Labs

PGV-2634741

Disclosed on May 11, 2026 (updated May 12, 2026)

Vulnerability Overview

PGV-2634741 is a category 2 vulnerabilty that affects debian/dnsmasq source, versions *, < 2.90-4~deb12u2, < 2.91-1+deb13u1, *

CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risk Assessment

customize

The risk assessment shows that this vulnerability is exlpoited by a no attacker (theoretical scenario). This attack scenario is theoretical and does not correspond to a realistic attacker profile.

The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.

The threat damage is caused by a denial of service. Exploitation can completely deny access to the application, resulting in a full outage.is caused by a data breach. Exploitation can result in full access to data within the system.is caused by data tampering. Exploitation can result in modification of any data (authorized or not) within the system.

Vulnerability Details

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.

Additional References

Your Risk Profile
Network Exposure
External
Accessable from the public internet
Access Interface
WebBrowser
Primarily web-based applications
Service Outage
Disruptive
Operations would be impacted
Data Breach
Disruptive
Operations would be impacted
Data Tampering
Disruptive
Operations would be impacted
Customize
Additional Identifiers
  • DEBIAN-CVE-2026-4892

v2.0.4 © 2026 Inedo, LLC