dnsmasq hits six critical vulnerabilities

// 1d agoSECURITY INCIDENT

dnsmasq hits six critical vulnerabilities

Six new CVEs for the ubiquitous dnsmasq network tool expose millions of systems to remote code execution and cache poisoning. Users should upgrade to version 2.92rel2 immediately to patch these long-standing memory safety bugs identified through AI-assisted research.

// ANALYSIS

The maintainer's report of a "tsunami" of AI-generated bug reports signals a new era where legacy C codebases are under constant, automated scrutiny.

–Six CVEs range from Denial of Service to critical Remote Code Execution (RCE) via DHCPv6
–Affects almost all non-ancient versions, highlighting the risk of long-term "silent" bugs in core network infrastructure
–The discovery via AI fuzzing suggests that the window for manual vulnerability triage is closing as exploit discovery democratizes
–Immediate patches are available in 2.92rel2, with a fast-tracked 2.93 release focusing on architectural root causes
–Major downstream projects like Pi-hole and various Linux distributions have already begun pushing emergency updates

// TAGS

dnsmasqsecurityopen-sourcedevtooldebugging

DISCOVERED

1d ago

2026-05-12

PUBLISHED

1d ago

2026-05-12

RELEVANCE

8/ 10

AUTHOR

chizhik-pyzhik

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

NEWS7h ago

Cisco cuts 4,000 jobs to fuel AI pivot

Cisco is reducing its global workforce by approximately 5%—fewer than 4,000 employees—to accelerate a strategic pivot toward AI infrastructure and cybersecurity following a massive Q3 order forecast increase to $9 billion. The restructuring focuses capital on high-growth sectors including AI-optimized silicon, data center optics, and the newly integrated Splunk security portfolio.

OPEN SOURCE7h ago

HyperFrames workflow automates end-to-end video production

Cole Medin has released an open-source reference implementation that integrates Claude Code, Archon, and the HyperFrames framework to automate the entire video production lifecycle. The workflow enables AI agents to handle research, scripting, and ElevenLabs voice generation before programmatically rendering polished, synchronized vertical videos using an HTML/GSAP-based engine.

SECURITY7h ago

Researcher leaks two Windows zero-days

Disgruntled researcher "Nightmare-Eclipse" released unpatched BitLocker bypass and privilege escalation exploits for Windows 11 on GitHub. The leaks are part of an ongoing protest against Microsoft's vulnerability response process and follow the weaponized use of previous disclosures.