CVE-2026-24030
CWE-789Published: March 31, 2026· Updated: Apr 1, 2026
Official Description
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
Technical Analysis
CVE-2026-24030 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-789)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-24030 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts