Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
AnalysisAI
Catalog zone transfer failure in PowerDNS Authoritative can be triggered by a high-privileged remote attacker who injects insufficiently validated member zone data, causing the catalog zone transfer mechanism to abort and preventing secondary nameservers from receiving zone updates. The impact is a targeted denial-of-service against DNS zone replication infrastructure, affecting any deployment using catalog zones (RFC 9432). No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Technical ContextAI
PowerDNS Authoritative (CPE: cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*) is a widely deployed authoritative DNS server that supports catalog zones per RFC 9432 - a mechanism where a primary server distributes zone provisioning data to secondaries via a special catalog zone. The vulnerability lies in insufficient validation of member zone data embedded within catalog zones: when malformed or unexpected member zone entries are processed, the transfer operation fails entirely rather than skipping or rejecting the bad entry. No CWE was assigned, but the root cause pattern aligns with improper input validation (CWE-20) in DNS zone data parsing. Notably, the vulnerability tag lists 'Information Disclosure,' which is inconsistent with the CVSS impact metrics showing C:N/I:N/A:H - this discrepancy warrants verification against the vendor advisory.
RemediationAI
Consult the official PowerDNS advisory (powerdns-2026-06) at https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html for the specific patched version and upgrade path. An exact fix version number is not independently confirmed from available input data - the advisory must be treated as authoritative. As a compensating control prior to patching, restrict write and provisioning access to catalog zone data to the minimum set of trusted administrative accounts, reducing the pool of principals capable of injecting malformed member zone entries. Additionally, operators not using catalog zone functionality can disable it to eliminate the attack surface entirely, with the trade-off of losing automated secondary provisioning capabilities.
More in Authoritative
View allPowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . Rated high severity (CVSS 7.5), this
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated criti
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authori
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)
Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received vi
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized use
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerab
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excludi
Integrity compromise in PowerDNS Authoritative Server allows network-positioned attackers to inject unauthorized DNS rec
Same weakness CWE-94 – Code Injection
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31265
GHSA-hm6h-mcgv-h2x8