{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T12:18:32.118","vulnerabilities":[{"cve":{"id":"CVE-2026-24281","sourceIdentifier":"security@apache.org","published":"2026-03-07T09:16:07.437","lastModified":"2026-03-10T18:18:17.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols."},{"lang":"es","value":"La verificación de nombre de host en Apache ZooKeeper ZKTrustManager recurre a DNS inverso (PTR) cuando falla la validación IP SAN, permitiendo a los atacantes que controlan o falsifican registros PTR suplantar servidores o clientes de ZooKeeper con un certificado válido para el nombre PTR. Es importante señalar que el atacante debe presentar un certificado que sea de confianza para ZKTrustManager, lo que hace que el vector de ataque sea más difícil de explotar. Se recomienda a los usuarios actualizar a la versión 3.8.6 o 3.9.5, que corrige este problema al introducir una nueva opción de configuración para deshabilitar la búsqueda de DNS inverso en los protocolos de cliente y quórum."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-295"},{"lang":"en","value":"CWE-350"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.6","matchCriteriaId":"1D3E8670-F4DD-400A-A459-9396353D5E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.5","matchCriteriaId":"69917DB8-268C-4F60-AFAE-51FB24101BFE"}]}]}],"references":[{"url":"https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}