CVE-2026-35406

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-35406
Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Patch
https://github.com/containers/aardvark-dns/releases/tag/v1.17.1 Release Notes
https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:containers:aardvark-dns:*:*:*:*:*:*:*:*
History

16 Apr 2026, 04:33

Type Values Removed Values Added
References () https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 - () https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 - Patch
References () https://github.com/containers/aardvark-dns/releases/tag/v1.17.1 - () https://github.com/containers/aardvark-dns/releases/tag/v1.17.1 - Release Notes
References () https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j - () https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j - Patch, Vendor Advisory
CPE cpe:2.3:a:containers:aardvark-dns:*:*:*:*:*:*:*:*
CWE CWE-835
First Time Containers aardvark-dns
Containers

07 Apr 2026, 22:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-04-07 22:16

Updated : 2026-04-16 04:33

NVD link : CVE-2026-35406

Mitre link : CVE-2026-35406

CVE.ORG link : CVE-2026-35406

JSON object : View

Products Affected

containers

  • aardvark-dns
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')