What is the CVSS score of CVE-2026-42255?

CVE-2026-42255 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Technitium DNS Server are affected by CVE-2026-42255?

Technitium DNS Server versions before 15.0 contain a DNS amplification vulnerability that allows unauthenticated attackers to weaponize your infrastructure for large-scale DDoS attacks against third…. A patch is available.

Technitium DNS Server CVE-2026-42255

EUVD-2026-25688 HIGH

Incorrect Provision of Specified Functionality (CWE-684)

2026-04-26 mitre

Information Disclosure

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch released

Apr 29, 2026 - 18:54 nvd

Patch available

Re-analysis Queued

Apr 27, 2026 - 19:07 vuln.today

cvss_changed

Patch available

Apr 26, 2026 - 05:01 EUVD

Analysis Generated

Apr 26, 2026 - 04:30 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 04:15 euvd

EUVD-2026-25688

Analysis Generated

Apr 26, 2026 - 04:15 vuln.today

CVE Published

Apr 26, 2026 - 02:48 nvd

HIGH 7.2

DescriptionNVD

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

AnalysisAI

DNS traffic amplification via cyclic nameserver delegation in Technitium DNS Server versions before 15.0 enables unauthenticated remote attackers to conduct distributed denial-of-service (DDoS) attacks. Attackers can exploit misconfigured or maliciously crafted DNS delegation chains to create resolution loops, forcing the server to generate significantly larger response traffic than the initial query size. …

RemediationAI

Within 24 hours: Identify all Technitium DNS Server instances and document current versions via administrative interface or 'nslookup -type=TXT version.bind @[server]'. Within 7 days: Contact Technitium for upgrade timelines to version 15.0 or later; if unavailable, implement network-level mitigations (see compensating controls). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42255 vulnerability details – vuln.today

Back

Technitium DNS Server CVE-2026-42255

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code