CVE-2026-10846

HIGH

CVSS v4.0: 8.2 · EPSS: 0.0002 (5.4 percentile)

NetworkNo privilegesNo user interaction

Source data as of:

At a glance

Severity
HIGH
CVSS
8.2 v4.0 · NVD
EPSS
0.0002 (5.4 percentile) · FIRST.org
CISA KEV
No
Attack conditions (CVSS vector)
NetworkNo privilegesNo user interaction · Source: NVD Vector
Published
2026-06-10 · Modified: 2026-06-10
References
Jump to references (2)

CVSS / EPSS / KEV

CVSS v4.0 8.2 / 10 HIGH Source: NVD
EPSS 0.0002 5.4 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.

Record details

CVE ID
CVE-2026-10846
CVSS (v4.0)
8.2 (HIGH)
Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS
0.0002 (5.4 percentile) — 2026-06-11
CISA KEV
No
Weakness (CWE)
CWE-346
Affected configurations (CPE)
0
Published
2026-06-10
Modified
2026-06-10
Status
Awaiting Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same weakness type (CWE)

CVE-2026-42558 HIGH CVSS 7.6 CVE-2026-11194 MEDIUM CVSS 6.5 CVE-2026-11195 MEDIUM CVSS 6.5 CVE-2026-11278 MEDIUM CVSS 6.5

Published the same year

CVE-2026-46695 CRITICAL CVSS 10.0 CVE-2026-47938 CRITICAL CVSS 10.0 CVE-2026-48303 CRITICAL CVSS 10.0 CVE-2026-45552 CRITICAL CVSS 9.9
← Back to all records