Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
AV:N and PR:N reflect unauthenticated DNS query submission; AC:H for the sustained crafted-query requirement; A:L added over vendor score to capture temporary Prometheus endpoint unavailability.
Primary rating from Vendor (open-xchange).
CVSS VectorVendor: open-xchange
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
AnalysisAI
Prometheus metrics endpoint corruption in PowerDNS dnsdist allows a remote unauthenticated attacker to disrupt monitoring visibility by flooding the resolver with crafted DNS queries. The flood triggers insertion of a dynamic block whose value serialises into invalid Prometheus exposition format, causing the /metrics endpoint to be rejected by the scraper until the dynamic block TTL expires naturally. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target dnsdist instance has the Prometheus metrics endpoint enabled and network-reachable from the attacker, and that the attacker can sustain a sufficiently large volume of specifically crafted DNS queries to trigger dynamic block insertion with the invalid value - this high-volume requirement is reflected in the CVSS AC:H rating. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately captures a low-severity, high-complexity, network-accessible condition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with no authentication or prior foothold sends a sustained flood of crafted DNS queries to a network-accessible dnsdist instance that has the Prometheus metrics endpoint enabled. The specific query pattern triggers insertion of a dynamic block whose associated value contains characters invalid in Prometheus exposition format. … |
| Remediation | The primary remediation is to apply the vendor-released patch documented in the PowerDNS dnsdist security advisory at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html; exact fix version numbers are not confirmed in the available data and must be obtained directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39346
GHSA-f83r-q8f4-f336