CVE-2026-33811
published 2026-05-07

CVE-2026-33811: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Priority: P342, high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.81% (52.4th percentile)

Affected

113 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3scale-amp2 | 3scale-rhel7-operator | | |
| 3scale-amp2 | 3scale-rhel9-operator | | |
| advanced-cluster-security | rhacs-main-rhel8 | | |
| ansible-automation-platform-26 | receptor-rhel9 | | |
| ansible-automation-platform | platform-operator-bundle | | |
| apicurio | apicurio-registry-rhel8-operator | | |
| apicurio | apicurio-registry-rhel9-operator | | |
| build-of-trustee | trustee-rhel9-operator | | |
| buildah_project | buildah | | |
| cert-manager | jetstack-cert-manager-rhel9 | | |
| compliance | openshift-compliance-operator-bundle | | |
| compliance | openshift-selinuxd-rhel8 | | |
| confidential-compute-attestation-tech-preview | trustee-rhel9-operator | | |
| confidential-containers | trustee | | |
| container-native-virtualization | kubevirt-apiserver-proxy-rhel9 | | |
| container-native-virtualization | virt-api-rhel9 | | |
| container-tools_rhel8 | conmon | | |
| container-tools_rhel8 | containernetworking-plugins | | |
| container-tools_rhel8 | oci-seccomp-bpf-hook | | |
| container-tools_rhel8 | runc | | |
| container-tools_rhel8 | skopeo | | |
| container-tools_rhel8 | toolbox | | |
| cryostat | cryostat-storage-rhel9 | | |
| custom-metrics-autoscaler | custom-metrics-autoscaler-rhel9 | | |
| debian | qpid-proton | | |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat: 7.5 HIGH