CVE-2026-24281 in ZooKeeper정보

요약

\~에 의해 MITRE • 2026. 03. 07.

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

공개

2026. 03. 07.

모더레이션

수락

항목

VDB-349618

CPE

준비됨

CWE

CWE-297 (확인됨)

CVSS

7.4 (NVD)

EPSS

0.00030

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-24281
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-24281
CVE Details	https://www.cvedetails.com/cve/CVE-2026-24281/

◂ 이전 개요 다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!