Skip to main content

PowerDNS Recursor EUVDEUVD-2026-39357

| CVE-2026-42387 MEDIUM
Improper Input Validation (CWE-20)
2026-06-25 OX GHSA-9v36-5rhx-cq6m
5.9
CVSS 3.1 · Vendor: OX
Share

Severity by source

Vendor (OX) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.9 MEDIUM

Network vector confirmed; AC:H reflects requirement to control an authoritative server; no privileges on the Recursor itself; pure availability impact only.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (OX).

CVSS VectorVendor: OX

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 15:17 EUVD
Analysis Generated
Jun 25, 2026 - 14:16 vuln.today

DescriptionCVE.org

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

AnalysisAI

PowerDNS Recursor crashes when a malicious authoritative DNS server serves a crafted zone via the ZoneToCache function, exploiting insufficient input validation to cause a denial of service. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms this is a remotely triggerable availability-only impact, though high attack complexity reflects the prerequisite of controlling or compromising an authoritative name server in the resolution path. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Register or compromise authoritative DNS server
Delivery
Craft malicious zone with invalid data
Exploit
Induce target Recursor to resolve name in attacker-controlled zone
Install
Recursor queries malicious authoritative server
C2
ZoneToCache processes crafted zone without adequate validation
Execute
Recursor process crashes
Impact
DNS resolution unavailable for downstream clients

Vulnerability AssessmentAI

Exploitation The ZoneToCache function must be invoked, meaning the Recursor must actively process zone data from an authoritative server - this occurs during recursive resolution when the Recursor queries an authoritative server for a name within the crafted zone. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 5.9 (Medium) reflects a meaningful but constrained threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a registered domain's authoritative name server crafts a zone with malformed data designed to trigger the crash condition in ZoneToCache. When the PowerDNS Recursor resolves a query for a name under that domain, it contacts the malicious authoritative server, receives the crafted zone, and crashes - taking DNS resolution offline for all clients depending on that Recursor instance. …
Remediation Operators should consult the official PowerDNS security advisory at https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html for the exact patched version number and upgrade instructions, as the provided data does not specify a confirmed fix version - stating an exact version here would be fabrication. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-3807 CRITICAL
9.8 Jan 29

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of response

CVE-2020-10030 HIGH
8.8 May 19

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulne

CVE-2025-59023 HIGH
8.2 Feb 09

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]

CVE-2019-3806 HIGH
8.1 Jan 29

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied

CVE-2015-1868 HIGH
7.8 May 18

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authori

CVE-2015-5470 HIGH
7.8 Nov 02

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)

CVE-2023-22617 HIGH
7.5 Jan 21

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS

CVE-2022-27227 HIGH
7.5 Mar 25

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4

CVE-2020-25829 HIGH
7.5 Oct 16

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high sever

CVE-2020-10995 HIGH
7.5 May 19

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated

CVE-2020-12244 HIGH
7.5 May 19

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN respo

CVE-2018-16855 HIGH
7.5 Dec 03

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigge

Vendor StatusVendor

SUSE

Severity: Moderate

Share

EUVD-2026-39357 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy