CVE-2026-35406 — MEDIUM (6.2)

Q: How severe is CVE-2026-35406?

CVE-2026-35406 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-35406?

Check the references section above for vendor advisories and patch information. Affected products include: Containers Aardvark-Dns.

Vulnerability Description

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Containers	Aardvark-Dns	>= 1.16.0, < 1.17.1

Related Weaknesses (CWE)

CWE-835 CWE-400

References

https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13Patch
https://github.com/containers/aardvark-dns/releases/tag/v1.17.1Release Notes
https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-98PatchVendor Advisory

FAQ

What is CVE-2026-35406?

CVE-2026-35406 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable ...

How severe is CVE-2026-35406?

CVE-2026-35406 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35406?

Check the references section above for vendor advisories and patch information. Affected products include: Containers Aardvark-Dns.