Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Network vector confirmed; AC:H reflects requirement to control an authoritative server; no privileges on the Recursor itself; pure availability impact only.
Primary rating from Vendor (OX).
CVSS VectorVendor: OX
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.
AnalysisAI
PowerDNS Recursor crashes when a malicious authoritative DNS server serves a crafted zone via the ZoneToCache function, exploiting insufficient input validation to cause a denial of service. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms this is a remotely triggerable availability-only impact, though high attack complexity reflects the prerequisite of controlling or compromising an authoritative name server in the resolution path. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The ZoneToCache function must be invoked, meaning the Recursor must actively process zone data from an authoritative server - this occurs during recursive resolution when the Recursor queries an authoritative server for a name within the crafted zone. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 5.9 (Medium) reflects a meaningful but constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls a registered domain's authoritative name server crafts a zone with malformed data designed to trigger the crash condition in ZoneToCache. When the PowerDNS Recursor resolves a query for a name under that domain, it contacts the malicious authoritative server, receives the crafted zone, and crashes - taking DNS resolution offline for all clients depending on that Recursor instance. … |
| Remediation | Operators should consult the official PowerDNS security advisory at https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html for the exact patched version number and upgrade instructions, as the provided data does not specify a confirmed fix version - stating an exact version here would be fabrication. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of response
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulne
Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authori
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high sever
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN respo
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigge
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39357
GHSA-9v36-5rhx-cq6m