Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Network-delivered with no auth needed, but AC:H because DoH3 must be enabled and frames must be precisely malformed; only low availability impact confirmed.
Primary rating from Vendor (open-xchange).
CVSS VectorVendor: open-xchange
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
AnalysisAI
Query processing delays in dnsdist's DoH3 (DNS over HTTPS/3) implementation allow unauthenticated remote attackers to partially degrade DNS resolution availability by sending crafted GET requests containing invalid HTTP/3 DATA frames. Affected deployments are limited to those with DoH3 explicitly enabled; the CVSS score of 3.7 reflects high attack complexity and only a low availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | DoH3 (DNS over HTTPS/3, using the QUIC transport) must be explicitly configured and enabled on the target dnsdist instance - this is not a default configuration. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.7 base score (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) signals a low-priority finding. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to a dnsdist instance that has DoH3 enabled sends a stream of DoH3 GET queries over QUIC, each embedding a deliberately malformed HTTP/3 DATA frame. The dnsdist process enters a slow error-handling path for each such frame, accumulating processing delay that causes legitimate DoH3 queries to experience elevated latency or timeouts. … |
| Remediation | Consult the official PowerDNS security advisory at https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html to obtain the patched dnsdist release version and apply the vendor-supplied upgrade - an exact fix version was not included in the available intelligence data and cannot be stated here without risking an invented version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-705 – Incorrect Control Flow Scoping
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39347
GHSA-2cpw-vgr2-pw3h