Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionCVE.org
Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.
AnalysisAI
Incomplete LDAP query escaping in PowerDNS Authoritative with 8bit-dns enabled allows authenticated users to enumerate internal domain subtrees through LDAP injection, leading to information disclosure of sensitive DNS zone data. The vulnerability requires valid authentication, high attack complexity due to LDAP protocol constraints, and has been reported by the vendor security team. No active exploitation data is currently available.
Technical ContextAI
PowerDNS Authoritative Server processes DNS queries and supports backend storage mechanisms including LDAP directories. When the 8bit-dns feature is enabled, the server processes non-ASCII characters in DNS names. The vulnerability stems from improper sanitization of user-controlled input in LDAP query construction, allowing attackers to inject LDAP filter syntax. This is a classic example of CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query) where special LDAP characters such as parentheses, asterisks, and boolean operators are not properly escaped before query execution. The LDAP backend then interprets the injected syntax as structural query logic rather than literal data, enabling unauthorized directory traversal and enumeration.
RemediationAI
Immediately review and apply the vendor-released security patch from PowerDNS advisory powerdns-2026-05 (https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html) to update your PowerDNS Authoritative installation to a patched version. As an interim control, if LDAP backend usage is not essential, disable LDAP authentication backends in the PowerDNS configuration and switch to alternative storage mechanisms (MySQL, PostgreSQL, or SQLite) until patching is complete. Alternatively, if 8bit-dns feature is not operationally required, disable it in the PowerDNS configuration file (set allow-8bit=no or equivalent) to eliminate the attack vector; this may impact internationalized domain name (IDN) support if your infrastructure depends on it. Restrict LDAP backend access to trusted networks only via firewall rules at the network boundary, limiting the pool of authenticated users who can reach the vulnerable code path.
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerabi
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows at
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6
Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p
Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90)
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&i
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the P
Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP au
Same weakness CWE-90 – LDAP Injection
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24947
GHSA-q8p8-x4x3-fvqm