
5 matches found

CVE
added 2026/04/29 5:49 p.m. | 4 views

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...

CVSS 6.5 | AI score 5.3 | EPSS 0.00075
Exploits 1 | References 2 | Affected Software 1
OSV
added 2025/12/11 1:7 p.m. | 1 views

USN-7925-1 c-ares vulnerability

It was discovered that c-ares incorrectly handled terminating certain queries after a maximum number of attempts. An attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service...

CVSS 5.9 | AI score 6.1 | EPSS 0.00023
Exploits 0 | References 2
RedhatCVE
added 2025/12/11 4:2 a.m. | 2 views

CVE-2025-62408

A flaw was found in c-ares. This vulnerability allows a Denial of Service (DoS) via terminating a query after maximum attempts when using readanswer and processanswer functions. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 5.9 | AI score 6 | EPSS 0.00023
Exploits 0 | References 5
Snyk
added 2025/12/08 10:42 p.m. | 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the readanswer or processanswer functions when a query is terminated after reaching the maximum number of attempts. An attacker can cause a crash by triggering error conditions that lead to premature connection cleanup...

CVSS 8.2 | AI score 6.4 | EPSS 0.00023
Exploits 0 | References 2
NVD
added 2025/12/08 10:15 p.m. | 1 views

CVE-2025-62408

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

CVSS 5.9 | EPSS 0.00023
Exploits 0 | References 2