
PowerDNS Recursor CVE-2026-33612

EUVD: EUVD-2026-39352 · HIGH
Acceptance of Extraneous Untrusted Data With Trusted Data (CWE-349)
2026-06-25 security@open-xchange.com GHSA-mc43-3p9f-8c28
CVSS 3.1: 7.5 · Vendor: open-xchange

Severity by source

Vendor (open-xchange), primary: 7.5 HIGH
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L

vuln.today AI: 7.5 HIGH

Attacker is the upstream authoritative server so PR:N, but must control a ZoneToCache-configured source and craft accepted data, so AC:H; poisoned cache affects downstream clients (S:C) with integrity impact (I:H).

CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:L/SA:N

SUSE: HIGH (qualitative)

Primary rating from Vendor (open-xchange).

CVSS Vector (Vendor: open-xchange)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: Low

Lifecycle Timeline

Patch available: Jun 25, 2026 - 14:16 (EUVD)
Analysis Generated: Jun 25, 2026 - 13:30 (vuln.today)

Description (CVE.org)

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

Analysis (AI)

Cache poisoning in PowerDNS Recursor allows a malicious or compromised authoritative DNS server to inject forged records by returning a crafted zone that the resolver ingests through its ZoneToCache feature. Because the poisoned data lands in the shared recursor cache, all downstream clients can be served attacker-controlled answers, enabling traffic redirection and spoofing. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Control or compromise configured authoritative server
Delivery: Recursor triggers ZoneToCache zone fetch
Exploit: Return crafted zone with forged records
Execution: Poisoned records loaded into recursor cache
Impact: Clients served spoofed DNS answers

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that the PowerDNS Recursor be explicitly configured to use the ZoneToCache feature and that it retrieves a zone from an authoritative server the attacker controls or has compromised - this is the concrete prerequisite, so default Recursor installations without ZoneToCache are not exposed. …

Risk Assessment: The CVSS vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L describes a network-reachable, unauthenticated (PR:N) attack with high complexity (AC:H) and a scope change (S:C) yielding high integrity and low availability impact but no confidentiality impact. …

Exploit Scenario: An attacker operates or compromises an authoritative DNS server that a target PowerDNS Recursor is configured to retrieve a zone from via ZoneToCache. When the recursor performs its scheduled zone retrieval, the attacker returns a crafted zone whose records are ingested into the cache, after which clients of that resolver receive forged answers (e.g., a phishing or malware host substituted for a legitimate domain). …

Remediation: Upgrade PowerDNS Recursor to the fixed release identified in PowerDNS Advisory 2026-08 (https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html); the exact patched version is not included in the provided data and must be taken from that advisory. …

Recommended Action (AI)

Within 24 hours: identify all PowerDNS Recursor deployments and assess whether ZoneToCache is enabled; if not operationally critical, disable it immediately. …

Vendor Status

SUSE

Severity: Important

Product: Status
SUSE Linux Enterprise Desktop 15 SP7: Affected
SUSE Linux Enterprise High Performance Computing 15 SP7: Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7: Affected
SUSE Linux Enterprise Server 15 SP7: Affected
SUSE Linux Enterprise Server 16.0: Affected
