## This update for dnsdist fixes the following issues

* CVE-2026-0396: crafted DNS queries can allow HTML content to be injected (bsc#1261236).
* CVE-2026-0397: CORS misconfiguration can lead to information disclosure (bsc#1261237).
* CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds read (bsc#1261238).
* CVE-2026-24029: HTTPS ACL bypass can allow clients to send DoH queries (bsc#1261239).
* CVE-2026-24030: allocating too much memory while processing DNS can result in a denial of service (bsc#1261240).
* CVE-2026-27853: crafted DNS responses can lead to an out-of-bounds write (bsc#1261241).
* CVE-2026-27854: crafted DNS queries can be used to trigger a use-after-free (bsc#1261243).
* CVE-2026-33254: resource exhaustion via DoQ/DoH3 connections (bsc#1262538).

* bsc#1261236
* bsc#1261237
* bsc#1261238
* bsc#1261239
* bsc#1261240
* bsc#1261241
* bsc#1261243
* bsc#1262536
* bsc#1262537
* bsc#1262538
* bsc#1262539
* bsc#1262540
* bsc#1262541
* bsc#1262542
* bsc#1262543
* bsc#1262544
* bsc#1262545
* bsc#1262546

Cross-References:
* CVE-2026-0396
* CVE-2026-0397
* CVE-2026-24028
* CVE-2026-24029
* CVE-2026-24030
* CVE-2026-27853
* CVE-2026-27854
* CVE-2026-33254
* CVE-2026-33257
* CVE-2026-33260
* CVE-2026-33593
* CVE-2026-33594
* CVE-2026-33595
* CVE-2026-33596
* CVE-2026-33597
* CVE-2026-33598
* CVE-2026-33599
* CVE-2026-33602
CVSS scores:
* CVE-2026-0396 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0396 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N