Vulnerabilities

CVE-2026-24281 - Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in Z...

2026-03-07 0 views admin

CVE ID :CVE-2026-24281 Published : March 7, 2026, 9:16 a.m. | 24 minutes ago Description :Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-24281

Published

March 7, 2026

Affected Product: Apache

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-24281apache

CVE-2026-24281 - Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in Z...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14675 - Meta Box <= 5.11.1 - authenticated (contributor+) arbitrary file deletion

CVE-2026-1073 - Purchase Button For Affiliate Link <= 1.0.2 - cross-site request forgery to setti...

CVE-2026-1071 - Carta Online <= 2.13.0 - authenticated (administrator+) stored cross-site scripti...

CVE-2026-1087 - The Guardian News Feed <= 1.2 - cross-site request forgery to settings update

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting