PatchDay Alert
Daily Digest · 2 min read · 5 CVEs · Issue 18 By PatchDay Alert

Cisco SD-WAN scores a perfect 10.0, plus dnsmasq and Go HTTP/2 DoS bugs

CVE-2026-20182 lets unauthenticated attackers hijack your entire SD-WAN fabric through vSmart/vManage. Also on the list: a CVSS 8.4 dnsmasq bug with sparse details, a Go net/http2 infinite loop, a GnuTLS auth bypass, and a Twisted DNS crash.

Patch now: 1 · Within 24h: 2 · This week: 2 · Exploited: 0

This one jumps off the page. CVE-2026-20182 is a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN (vSmart and vManage) that lets an unauthenticated remote attacker take over your entire fabric. No credentials, no user interaction. Four more bugs trail behind it in dnsmasq, Go, GnuTLS, and Twisted, but that Cisco flaw is the one to deal with first.


Today's CVEs

Sorted by urgency

02 · CVE-2026-42010 · MSRC · CVSS 7.1 · EPSS 0.13% · Patch within 24h · HIGH
Tags: GnuTLS, Azure Linux, Linux, Cloud

GnuTLS mishandles a NUL character in usernames during authentication, allowing an attacker to bypass authentication entirely. If your services rely on GnuTLS for TLS client certificate or SRP authentication, someone could slip past identity checks with a crafted username. CVSS 7.1, not yet exploited in the wild.

Included because: authentication bypass; common TLS library; no user interaction required
Affected estate: Azure Linux 3.0 systems with gnutls 3.8.3-8 installed.
How to check: Run `tdnf list installed gnutls` or `rpm -q gnutls` and check for version 3.8.3-8.
Action: Update gnutls via `tdnf update gnutls` and restart any services that link against it.
Urgency: Patch within 24 hours
Why it matters: An authentication bypass in a core TLS library can let attackers impersonate legitimate users or gain unauthorized access to protected services.
Source: NVD


03 · CVE-2026-4892 · MSRC · CVSS 8.4 · EPSS 0.01% · Patch within 24h · HIGH
Tags: Dnsmasq, Azure Linux, Linux, Cloud, Network Appliance

A vulnerability in dnsmasq scores CVSS 8.4, though the vendor description is sparse. Dnsmasq handles DNS and DHCP for a huge number of networks, containers, and embedded devices, so any high-severity bug here deserves fast attention. Details are limited, but the score suggests local or adjacent network exploitation with significant impact.

Included because: high CVSS; common infrastructure service; DNS/DHCP exposure
Affected estate: Azure Linux 3.0 systems with dnsmasq 2.90-1.
How to check: Run `dnsmasq --version` or `rpm -q dnsmasq` and confirm the installed version.
Action: Update dnsmasq via `tdnf update dnsmasq` and restart the dnsmasq service.
Urgency: Patch within 24 hours
Why it matters: Dnsmasq is everywhere: containers, VMs, network appliances. A CVSS 8.4 bug in a DNS/DHCP service can affect availability and integrity of name resolution across your environment.
Source: NVD


04 · CVE-2026-20182 · NVD · CVSS 10.0 · Patch now · CRITICAL
Tags: Cisco Catalyst SD-WAN Manager, Cisco Catalyst SD-WAN Controller, Cisco vManage, Cisco vSmart, Network Appliance, Cloud

This is as bad as it gets: CVSS 10.0. An unauthenticated remote attacker can bypass peering authentication on Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage), then log in as a high-privileged internal account. From there, the attacker gets NETCONF access and can manipulate your entire SD-WAN fabric configuration. No credentials needed, no user interaction.

Included because: unauthenticated; remote; CVSS 10.0; internet-facing control plane; full admin access; common enterprise SD-WAN product
Affected estate: All versions of Cisco Catalyst SD-WAN Manager (formerly vManage) and Cisco Catalyst SD-WAN Controller (formerly vSmart).
How to check: Run `show version` on your SD-WAN controllers and managers. Also run `show control connections` as noted in the Cisco advisory to check for anomalous peering sessions.
Action: Upgrade SD-WAN Manager and Controller to the fixed release listed in Cisco's May 2026 security advisory. Review control connections for signs of unauthorized peering.
Urgency: Patch immediately
Why it matters: An unauthenticated attacker can take administrative control of your SD-WAN fabric and rewrite network configuration across every site. This is full infrastructure compromise with zero credentials required.
Source: Cisco Security Advisory


05 · CVE-2026-42304 · MSRC · CVSS 7.5 · EPSS 0.01% · Patch this week · HIGH
Tags: Python Twisted, Azure Linux, Linux, Cloud

Twisted's DNS resolver (twisted.names) can be crashed with crafted DNS responses that use recursive compression pointer chains. An attacker who can send or spoof DNS replies to a Twisted-based application can cause a denial of service. No authentication required, but the attacker does need to be in a position to deliver DNS responses to the target.

Included because: unauthenticated; denial of service; DNS protocol exposure; common Python framework
Affected estate: Azure Linux 3.0 systems with python-twisted 22.10.0-4 installed.
How to check: Run `rpm -q python-twisted` or `pip show twisted` to confirm the installed version.
Action: Update python-twisted via `tdnf update python-twisted` and restart any services that depend on it.
Urgency: Patch this week
Why it matters: A crafted DNS response can crash or hang any Twisted-based service using its built-in DNS resolver, causing a denial of service.
Source: NVD
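To show what "recursive compression pointer chains" means for a resolver and how a parser defends against them, here is an added example (not Twisted's code) of an RFC 1035 name decoder that bounds pointer hops and rejects loops; the two messages are constructed samples, and the helper names are this example's own.

```python
"""Defensive DNS name decompression with pointer-loop detection (added example)."""
import struct

MAX_NAME_LEN = 255      # RFC 1035 limit on a wire-format name
MAX_POINTERS = 64       # hard cap on pointer hops, far above any legal name


class MalformedName(ValueError):
    """Raised for truncated, oversized or looping names."""


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode the name at `offset`; return (dotted name, offset after it).

    A label byte with the top two bits set is a 14-bit pointer to an earlier
    offset. Pointers must go strictly backwards, no pointer position may be
    visited twice, and hops are capped, so a chain that returns to itself is
    rejected instead of spinning forever.
    """
    labels, seen, hops, pos, end, total = [], set(), 0, offset, None, 0
    while True:
        if pos >= len(msg):
            raise MalformedName("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if pos + 1 >= len(msg):
                raise MalformedName("truncated pointer")
            target = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            if target >= pos or pos in seen:
                raise MalformedName("forward pointer or pointer loop")
            seen.add(pos)
            hops += 1
            if hops > MAX_POINTERS:
                raise MalformedName("too many pointer hops")
            end = pos + 2 if end is None else end       # resume after 1st pointer
            pos = target
            continue
        if length & 0xC0:
            raise MalformedName("reserved label type")
        pos += 1
        if length == 0:
            break
        total += length + 1
        if total > MAX_NAME_LEN or pos + length > len(msg):
            raise MalformedName("label too long or truncated")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) or ".", (end if end is not None else pos)


def is_well_formed(msg: bytes, offset: int) -> bool:
    """True if the name at `offset` decodes without error."""
    try:
        read_name(msg, offset)
        return True
    except MalformedName:
        return False


# Constructed sample: "example.com" at offset 0, then a pointer back to it.
GOOD = b"\x07example\x03com\x00" + b"\xc0\x00"
# Constructed sample: 12 header bytes, label "a" at 12, pointer at 14 -> 12,
# so decoding from offset 14 would cycle 14 -> 12 -> 14 without the checks.
LOOPING = b"\x00" * 12 + b"\x01a" + b"\xc0\x0c"
```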


