{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "dnsmasq: Broken ECS source validation bypass",
    "id" : "2458519",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458519"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.", "A validation bypass was discovered in dnsmasq's RFC 7871 client subnet (ECS) handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function. This causes all internal bounds checks to fail, completely bypassing ECS source validation and allowing an attacker to spoof client subnet information." ],
  "statement" : "Red Hat rates this as Moderate. This issue affects deployments with the `--add-subnet` option enabled. The impact is limited to bypassing ECS source validation, which could allow cache manipulation scoped to specific subnets or minor information disclosure about network topology.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19158",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "dnsmasq-0:2.90-7.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19373",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "dnsmasq-0:2.85-18.el9_8.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-4893\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4893\nhttps://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html" ],
  "name" : "CVE-2026-4893",
  "csaw" : false
}