CVE-2026-27831

HIGH

rldns 2.3 - DoS

Title source: llm

Description

rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-27831

View Code ZIP pw:eip

nomisec WORKING POC

by bluedragonsecurity · poc

https://github.com/bluedragonsecurity/CVE-2026-27831-POC

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/bluedragonsecurity/rldns-1.3-heap-out-of-bounds-vulnerability-fixed-in-rldns-1.4

View Writeup ZIP pw:eip

[Vendor Advisory] https://github.com/bluedragonsecurity/rldns/security/advisories/GHSA-fv38-45j4-g9x4

[Third Party Advisory] https://github.com/bluedragonsecurity/rldns_archives/blob/main/diff/rldns-1.4.diff

View Writeup ZIP pw:eip

[Various Sources] https://medium.com/@w1sdom/heap-based-buffer-over-read-vulnerability-in-rldns-1-3-5da3bccdc031

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 18.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (1)

bluedragonsecurity/rldns = 1.3

Published Feb 26, 2026

Tracked Since Feb 26, 2026