PowerDNS Recursor CVE-2026-33600

EUVD-2026-24731 MEDIUM

NULL Pointer Dereference (CWE-476)

2026-04-22 OX

Denial Of Service Null Pointer Dereference

4.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 22, 2026 - 13:09 vuln.today

Patch available

Apr 22, 2026 - 11:16 EUVD

DescriptionNVD

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

AnalysisAI

Denial of service in PowerDNS Recursor occurs when processing a malicious Response Policy Zone (RPZ) from an authoritative server, triggering a null pointer dereference due to missing validation logic. Versions 5.2.0-5.2.8, 5.3.0-5.3.5, and 5.4.0 are affected. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33600 vulnerability details – vuln.today

Back

PowerDNS Recursor CVE-2026-33600

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code