Skip to main content

DNSdist CVE-2026-42004

| EUVDEUVD-2026-39351 LOW
Misinterpretation of Input (CWE-115)
2026-06-25 security@open-xchange.com GHSA-q4qq-c3qm-82jj
3.7
CVSS 3.1 · Vendor: open-xchange

Severity by source

Vendor (open-xchange) PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
3.7 LOW

Network-reachable with no authentication; AC:H for required OPT craft precision; integrity limited to filter bypass reaching backend; no confidentiality or availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Primary rating from Vendor (open-xchange).

CVSS VectorVendor: open-xchange

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 14:16 EUVD
Analysis Generated
Jun 25, 2026 - 13:34 vuln.today

DescriptionCVE.org

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

AnalysisAI

EDNS OPT filter bypass in DNSdist exposes backend DNS servers to EDNS extension options that DNSdist was configured to suppress. The flaw is triggered specifically by the EDNS Client Subnet (ECS) insertion code path, which silently normalizes a crafted malformed OPT record - one that evaded DNSdist's filter - into a syntactically valid OPT record forwarded to the upstream backend. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send crafted DNS query with malformed EDNS OPT record
Delivery
DNSdist filter evaluates and drops the OPT record
Exploit
ECS insertion rebuilds syntactically valid OPT including filtered options
Execution
Reconstructed query forwarded to backend
Impact
Backend processes suppressed EDNS options, filter policy bypassed

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target DNSdist instance has EDNS Client Subnet insertion explicitly enabled - this is the specific feature that triggers the filter bypass during OPT record reconstruction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 3.7 (Low) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N accurately reflects the threat profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a crafted DNS query to a DNSdist instance containing a specially structured EDNS OPT record - malformed or edge-case enough to be silently dropped by DNSdist's configured filter rules, yet structured such that the ECS insertion code path reconstructs it into a valid OPT record carrying the originally-filtered EDNS options. The upstream backend DNS server receives the reconstructed query and processes the suppressed options, potentially logging or acting on client subnet data the operator intended to withhold. …
Remediation Consult the official PowerDNS security advisory at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html for the patched DNSdist release and upgrade instructions; the exact fixed version is not confirmed in the available CVE data and should not be assumed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-42004 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy