Skip to main content

PowerDNS dnsdist CVE-2026-40209

| EUVDEUVD-2026-39348 MEDIUM
Missing Release of Resource after Effective Lifetime (CWE-772)
2026-06-25 security@open-xchange.com GHSA-c5m7-ppm5-wp5g
5.3
CVSS 3.1 · Vendor: open-xchange
Share

Severity by source

Vendor (open-xchange) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
5.3 MEDIUM

Network-accessible with no authentication required; impact is availability-only and conditional on resource exhaustion, making A:L appropriate over A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (open-xchange).

CVSS VectorVendor: open-xchange

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 14:16 EUVD
Analysis Generated
Jun 25, 2026 - 13:32 vuln.today

DescriptionCVE.org

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.

AnalysisAI

TCP connection resource leak in PowerDNS dnsdist allows remote unauthenticated attackers to exhaust backend TCP connection capacity by sending IXFR (Incremental Zone Transfer) queries. Affected dnsdist instances fail to promptly release outgoing TCP connections to backends after IXFR processing, leaving them open until OS-level timeout; under sustained query volume this can exhaust the backend's concurrent connection limit or the dnsdist process's file descriptor table. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send repeated IXFR queries to dnsdist listener
Delivery
dnsdist opens TCP connection to backend per query
Exploit
Connection not released after query completion
Execution
File descriptors and backend connection slots accumulate
Persist
Backend connection ceiling or process FD limit reached
Impact
Legitimate DNS queries fail to proxy

Vulnerability AssessmentAI

Exploitation Exploitation requires network-level access to a dnsdist instance (port 53 TCP/UDP or a configured listener port). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 5.3 Medium with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L accurately reflects the conditional nature of this denial-of-service: the availability impact is Low (A:L) rather than High because the DoS requires accumulation of stuck connections to exhaust a finite resource ceiling (backend connection pool cap or process file descriptor limit), meaning a single query does not immediately disrupt service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the dnsdist listener sends a continuous stream of IXFR queries over TCP. Each query causes dnsdist to open a new outgoing TCP connection to the configured backend server that is never closed, consuming a file descriptor slot in the dnsdist process and an inbound connection slot on the backend. …
Remediation The primary remediation is to upgrade dnsdist to the fixed version specified in the vendor security advisory at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-40209 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy