Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable via crafted catalog zone data with no auth to Recursor itself; AC:H for non-default catalog zone configuration requirement; pure availability crash impact.
Primary rating from Vendor (OX).
CVSS VectorVendor: OX
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Incomplete validation of the SOA record present in a catalog zone might lead to a crash.
AnalysisAI
PowerDNS Recursor crashes when processing a malformed SOA record within a catalog zone, resulting in a denial of service for all DNS resolution handled by the affected instance. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms network-reachable unauthenticated exploitation, but high attack complexity reflects the non-default catalog zone configuration required. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target PowerDNS Recursor is configured to consume catalog zones - a non-default zone management feature that must be explicitly enabled and pointed at an authoritative catalog zone server. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.9 Medium score is appropriate for this flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who operates or compromises an authoritative DNS server configured as a catalog zone source for a target PowerDNS Recursor instance crafts a zone containing a malformed or minimally incomplete SOA record. When the Recursor fetches and processes the catalog zone - either on schedule or triggered by a NOTIFY - the incomplete SOA validation logic crashes the Recursor process, immediately halting recursive DNS resolution for all clients depending on that instance. … |
| Remediation | Apply the vendor-released patch per the advisory at https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html - the exact fix version must be confirmed from that advisory, as it was not provided in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of response
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulne
Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authori
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high sever
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN respo
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigge
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39358
GHSA-wmff-hvrr-9ch3