Skip to main content

PowerDNS Authoritative EUVDEUVD-2026-24947

| CVE-2026-33609 MEDIUM
LDAP Injection (CWE-90)
2026-04-22 security@open-xchange.com GHSA-q8p8-x4x3-fvqm
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Patch released
Apr 24, 2026 - 18:52 nvd
Patch available
Patch available
Apr 22, 2026 - 16:33 EUVD
Analysis Generated
Apr 22, 2026 - 15:02 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 14:22 euvd
EUVD-2026-24947
Analysis Generated
Apr 22, 2026 - 14:22 vuln.today
CVE Published
Apr 22, 2026 - 14:16 nvd
MEDIUM 5.3

DescriptionCVE.org

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

AnalysisAI

Incomplete LDAP query escaping in PowerDNS Authoritative with 8bit-dns enabled allows authenticated users to enumerate internal domain subtrees through LDAP injection, leading to information disclosure of sensitive DNS zone data. The vulnerability requires valid authentication, high attack complexity due to LDAP protocol constraints, and has been reported by the vendor security team. No active exploitation data is currently available.

Technical ContextAI

PowerDNS Authoritative Server processes DNS queries and supports backend storage mechanisms including LDAP directories. When the 8bit-dns feature is enabled, the server processes non-ASCII characters in DNS names. The vulnerability stems from improper sanitization of user-controlled input in LDAP query construction, allowing attackers to inject LDAP filter syntax. This is a classic example of CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query) where special LDAP characters such as parentheses, asterisks, and boolean operators are not properly escaped before query execution. The LDAP backend then interprets the injected syntax as structural query logic rather than literal data, enabling unauthorized directory traversal and enumeration.

RemediationAI

Immediately review and apply the vendor-released security patch from PowerDNS advisory powerdns-2026-05 (https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html) to update your PowerDNS Authoritative installation to a patched version. As an interim control, if LDAP backend usage is not essential, disable LDAP authentication backends in the PowerDNS configuration and switch to alternative storage mechanisms (MySQL, PostgreSQL, or SQLite) until patching is complete. Alternatively, if 8bit-dns feature is not operationally required, disable it in the PowerDNS configuration file (set allow-8bit=no or equivalent) to eliminate the attack vector; this may impact internationalized domain name (IDN) support if your infrastructure depends on it. Restrict LDAP backend access to trusted networks only via firewall rules at the network boundary, limiting the pool of authenticated users who can reach the vulnerable code path.

More in LDAP

View all
CVE-2016-9299 CRITICAL POC
9.8 Jan 12

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a

CVE-2017-14596 CRITICAL POC
9.8 Sep 20

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,

CVE-2017-8790 CRITICAL POC
9.8 May 05

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-28853 MEDIUM POC
6.5 Apr 04

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut

CVE-2020-36966 MEDIUM POC
6.4 Jan 30

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows at

CVE-2025-36556 MEDIUM POC
6.1 Jan 20

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6

CVE-2026-23906 CRITICAL
9.8 Feb 10

Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p

CVE-2026-44930 CRITICAL
9.8 May 22

Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90)

CVE-2024-33868 CRITICAL
9.8 May 14

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-6905 CRITICAL
9.8 Dec 18

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&i

CVE-2021-43350 CRITICAL
9.8 Nov 11

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the P

CVE-2026-21880 MEDIUM POC
5.3 Jan 08

Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP au

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-24947 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy