CVE-2026-24281 in ZooKeeperinfo

Zusammenfassung

von MITRE • 07.03.2026

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

07.03.2026

Moderieren

akzeptiert

Eintrag

VDB-349618

CPE

bereit

CWE

CWE-297 (bestätigt)

CVSS

7.4 (NVD)

EPSS

0.00030

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-24281
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-24281
CVE Details	https://www.cvedetails.com/cve/CVE-2026-24281/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!