CVE-2026-42304

Daily digests

Twisted's DNS resolver (twisted.names) can be crashed with crafted DNS responses that use recursive compression pointer chains. An attacker who can send or spoof DNS replies to a Twisted-based application can cause a denial of service. No authentication required, but the attacker does need to be in a position to deliver DNS responses to the target.

• Daily Digest · May 15, 2026

  Cisco SD-WAN auth bypass, CVSS 10.0