7.4
CVE-2026-24281
- EPSS 0.63%
- Veröffentlicht 07.03.2026 08:50:32
- Zuletzt bearbeitet 03.07.2026 13:17:00
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.46 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.
https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2
http://www.openwall.com/lists/oss-security/2026/03/07/4
https://access.redhat.com/errata/RHSA-2026:10184
https://access.redhat.com/errata/RHSA-2026:8509
https://access.redhat.com/errata/RHSA-2026:14272
https://access.redhat.com/errata/RHSA-2026:14276
https://access.redhat.com/security/cve/CVE-2026-24281
https://bugzilla.redhat.com/show_bug.cgi?id=2445449
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24281.json
https://access.redhat.com/errata/RHSA-2026:34608