CVE-2026-27831
HIGH
rldns 1.3 - Denial of Service via Heap-Based Out-of-Bounds Read
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2026-27831. PoCs published by XiaomingX, XZ1r0, bluedragonsecurity.
AI-analyzed exploit summary: This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for admin credentials and hashes.
Description
rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue.
Exploits (3)
This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for admin credentials and hashes.
This repository contains a functional proof-of-concept exploit for CVE-2026-27831, demonstrating a remote heap-based out-of-bounds read vulnerability in rldns version 1.3, leading to a denial of service. The exploit sends a crafted UDP packet to trigger the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2026-27831, a heap-based out-of-bounds read vulnerability in rldns version 1.3. The exploit sends a crafted UDP packet to trigger a denial-of-service condition.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H