What is the CVSS score of EUVD-2026-24947?

EUVD-2026-24947 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-24947?

Yes, a patch is available for EUVD-2026-24947. Update the affected software to the latest version immediately.

PowerDNS Authoritative EUVD-2026-24947

| CVE-2026-33609 MEDIUM

LDAP Injection (CWE-90)

2026-04-22 security@open-xchange.com

GHSA-q8p8-x4x3-fvqm

Information Disclosure LDAP Code Injection Suse

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Apr 24, 2026 - 18:52 nvd

Patch available

Apr 22, 2026 - 16:33 EUVD

Analysis Generated

Apr 22, 2026 - 15:02 vuln.today

EUVD ID Assigned

Apr 22, 2026 - 14:22 euvd

EUVD-2026-24947

Analysis Generated

Apr 22, 2026 - 14:22 vuln.today

CVE Published

Apr 22, 2026 - 14:16 nvd

MEDIUM 5.3

DescriptionNVD

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

AnalysisAI

Incomplete LDAP query escaping in PowerDNS Authoritative with 8bit-dns enabled allows authenticated users to enumerate internal domain subtrees through LDAP injection, leading to information disclosure of sensitive DNS zone data. The vulnerability requires valid authentication, high attack complexity due to LDAP protocol constraints, and has been reported by the vendor security team. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory