← Volver a CVEs
CVE-2026-24029
MEDIUM6.5
Descripcion
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/31/2026
Ultima modificacion4/1/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-863
Referencias
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html(security@open-xchange.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.