Question 1

What is CVE-2026-40011 — CVE-2026-40011?

Accepted Answer

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

Question 2

What is the authoritative source for CVE-2026-40011?

Accepted Answer

CVE-2026-40011 (CVE-2026-40011) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	3.7 ()
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Last modified	2026-06-25

CVE-2026-40011CVE-2026-40011

Description

Scoring