Infinite Error Loop Vulnerability in Aardvark-DNS Server by Containers
CVE-2026-35406

6.2MEDIUM

Key Information:

Vendor

Containers

Status
Aardvark-dns
Vendor
CVE Published:
7 April 2026

What is CVE-2026-35406?

A vulnerability in Aardvark-DNS, an authoritative DNS server for A/AAAA container records, allows for an infinite error loop that results in 100% CPU usage. This occurs when a truncated TCP DNS query is followed by a connection reset, causing the server to become unresponsive. Users are encouraged to update to version 1.17.1, where this issue has been resolved.

Affected Version(s)

aardvark-dns >= 1.16.0, < 1.17.1

References

https://github.com/containers/aardvark-dns/security/advis...
x_refsource_CONFIRM
https://github.com/containers/aardvark-dns/commit/3b49ea7...
x_refsource_MISC
https://github.com/containers/aardvark-dns/releases/tag/v...
x_refsource_MISC

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.