DNSCrypt Vulnerability Allows Remote Crash via Crafted Queries
The National Vulnerability Database has identified CVE-2026-33593, a critical vulnerability impacting DNSCrypt clients. Attackers can exploit this by sending a specially crafted DNSCrypt query, triggering a divide-by-zero error that leads to a client crash. The exploit requires no authentication or user interaction and can be launched remotely over the network, making it a significant threat.
With a CVSS score of 7.5 (HIGH), this vulnerability presents a direct denial-of-service risk. While specific affected products are not detailed by the National Vulnerability Database, any implementation of DNSCrypt that does not properly sanitize incoming query data is potentially at risk. Defenders should prioritize verifying the security posture of their DNSCrypt deployments and consider implementing network-level filtering if possible to block malformed queries.
The ease of exploitation – requiring only network access and the ability to send a crafted query – means this could be weaponized by unsophisticated attackers. CISOs should ensure their teams are aware of this flaw and are actively patching or updating any vulnerable DNSCrypt clients to prevent disruption. The attacker’s calculus here is simple: cause outages with minimal effort.
What This Means For You
- If your organization utilizes DNSCrypt for secure DNS resolution, you must immediately verify that all client implementations are patched against CVE-2026-33593. A successful exploit can lead to a complete denial of service for affected clients, disrupting network connectivity and internal services.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-33593 - DNSCrypt Crafted Query Denial of Service
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33593 | DoS | Crafted DNSCrypt query |
| CVE-2026-33593 | DoS | Divide by zero error |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 17:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-30139 — The AdvancedSearch Functionality Of Silverpeas Core Before V Cross-Site Scripting (XSS)
CVE-2026-30139 — A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in...
CVE-2025-58922 — ThemeFusion Avada Vulnerability
CVE-2025-58922 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.
CVE-2024-58344 — Cross-Site Scripting (XSS)
CVE-2024-58344 — Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field...