CVE-2026-1425

MEDIUM 5.6

pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to resolve this issue.

CWE	CWE-121 CWE-119
Vendor	pymumu
Product	smartdns
Published	Jan 26, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for pymumu smartdns

Be the first to know when new medium vulnerabilities affecting pymumu smartdns are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

pymumu / SmartDNS

47.0 47.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.342841 vuldb.com: https://vuldb.com/?ctiid.342841 vuldb.com: https://vuldb.com/?submit.736827 github.com: https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8 github.com: https://github.com/pymumu/smartdns/

Credits

🔍 liloler (VulDB User)