Skip to main content

Authoritative

20 CVEs product

Monthly

CVE-2026-42005 MEDIUM PATCH This Month

PowerDNS Authoritative Server's optional internal web server accepts crafted HTTP requests that trigger unbounded memory allocation, exhausting process memory and causing a denial of service against the DNS service. Exploitation requires low-privilege authentication (PR:L per CVSS vector) and the internal web server must be explicitly enabled - it is disabled by default, sharply limiting the real-world attack surface. No public exploit code has been identified and this vulnerability is not listed in CISA KEV.

Denial Of Service Authoritative Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2026-41999 MEDIUM PATCH This Month

Incorrect view selection in PowerDNS Authoritative Server when processing TCP PROXY protocol requests exposes DNS records intended for a different network segment to remote unauthenticated attackers, producing both unauthorized information disclosure and limited integrity impact. Deployments running split-horizon DNS via the Views feature alongside TCP PROXY protocol support are the specific affected population. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV; however, the attack concept requires no authentication and no user interaction, making it relevant wherever both features are co-deployed.

Authentication Bypass Authoritative
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-42002 MEDIUM PATCH This Month

Concurrency and locking defects in the GSS-TSIG implementation of PowerDNS Authoritative expose the nameserver to a denial-of-service condition exploitable remotely without authentication. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms the impact is limited to availability - crashing or destabilizing the authoritative DNS service - under high-complexity race condition circumstances. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.

Information Disclosure Authoritative
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-42001 HIGH PATCH This Week

Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received via the Autoprimary (formerly 'supermaster') replication mechanism, allowing unauthenticated network-based attackers to disrupt service availability. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with availability-only impact, and no public exploit identified at time of analysis. The OX-reported issue is documented in PowerDNS Security Advisory 2026-06.

Denial Of Service Authoritative
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42000 MEDIUM PATCH This Month

Integrity compromise in PowerDNS Authoritative Server allows network-positioned attackers to inject unauthorized DNS records by exploiting insufficient validation of DNS names received during AXFR (zone transfer) processing. The CVSS changed-scope indicator (S:C) reflects that the high-integrity impact extends beyond the vulnerable server itself to all downstream systems consuming the corrupted zone data, enabling a form of DNS record poisoning. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) constrains exploitation to adversaries with specific network positioning or control over a zone transfer source.

Command Injection Authoritative
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-42396 MEDIUM PATCH This Month

Catalog zone transfer failure in PowerDNS Authoritative can be triggered by a high-privileged remote attacker who injects insufficiently validated member zone data, causing the catalog zone transfer mechanism to abort and preventing secondary nameservers from receiving zone updates. The impact is a targeted denial-of-service against DNS zone replication infrastructure, affecting any deployment using catalog zones (RFC 9432). No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Code Injection Authoritative
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-33611 MEDIUM PATCH This Month

PowerDNS Authoritative server allows authenticated REST API operators to inject malformed HTTPS or SVCB record data, corrupting the LMDB backend database and causing service degradation or denial of availability. The vulnerability requires high-privilege REST API access and affects deployments using LMDB as the backend storage engine, with confirmed impact on data integrity and availability.

Information Disclosure Integer Overflow Authoritative
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-24698 CRITICAL Act Now

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authoritative
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-24697 HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-24696 HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Authoritative
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-17482 MEDIUM This Month

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authoritative
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2019-10163 MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports Leap
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-10162 HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-14626 HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-10851 HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
6.0%
CVE-2016-5427 HIGH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 85.5% and no vendor patch available.

Denial Of Service Authoritative
NVD GitHub
CVSS 3.0
7.5
EPSS
85.5%
Threat
4.1
CVE-2016-5426 HIGH PATCH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.0%.

Denial Of Service Authoritative
NVD GitHub
CVSS 3.0
7.5
EPSS
37.0%
CVE-2015-5311 MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-5470 HIGH PATCH This Week

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative Recursor
NVD
CVSS 2.0
7.8
EPSS
0.0%
CVE-2015-1868 HIGH This Week

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Fedora Recursor
NVD
CVSS 2.0
7.8
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

PowerDNS Authoritative Server's optional internal web server accepts crafted HTTP requests that trigger unbounded memory allocation, exhausting process memory and causing a denial of service against the DNS service. Exploitation requires low-privilege authentication (PR:L per CVSS vector) and the internal web server must be explicitly enabled - it is disabled by default, sharply limiting the real-world attack surface. No public exploit code has been identified and this vulnerability is not listed in CISA KEV.

Denial Of Service Authoritative Suse
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Incorrect view selection in PowerDNS Authoritative Server when processing TCP PROXY protocol requests exposes DNS records intended for a different network segment to remote unauthenticated attackers, producing both unauthorized information disclosure and limited integrity impact. Deployments running split-horizon DNS via the Views feature alongside TCP PROXY protocol support are the specific affected population. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV; however, the attack concept requires no authentication and no user interaction, making it relevant wherever both features are co-deployed.

Authentication Bypass Authoritative
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Concurrency and locking defects in the GSS-TSIG implementation of PowerDNS Authoritative expose the nameserver to a denial-of-service condition exploitable remotely without authentication. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms the impact is limited to availability - crashing or destabilizing the authoritative DNS service - under high-complexity race condition circumstances. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis.

Information Disclosure Authoritative
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received via the Autoprimary (formerly 'supermaster') replication mechanism, allowing unauthenticated network-based attackers to disrupt service availability. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with availability-only impact, and no public exploit identified at time of analysis. The OX-reported issue is documented in PowerDNS Security Advisory 2026-06.

Denial Of Service Authoritative
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Integrity compromise in PowerDNS Authoritative Server allows network-positioned attackers to inject unauthorized DNS records by exploiting insufficient validation of DNS names received during AXFR (zone transfer) processing. The CVSS changed-scope indicator (S:C) reflects that the high-integrity impact extends beyond the vulnerable server itself to all downstream systems consuming the corrupted zone data, enabling a form of DNS record poisoning. No public exploit has been identified at time of analysis, and the high attack complexity (AC:H) constrains exploitation to adversaries with specific network positioning or control over a zone transfer source.

Command Injection Authoritative
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Catalog zone transfer failure in PowerDNS Authoritative can be triggered by a high-privileged remote attacker who injects insufficiently validated member zone data, causing the catalog zone transfer mechanism to abort and preventing secondary nameservers from receiving zone updates. The impact is a targeted denial-of-service against DNS zone replication infrastructure, affecting any deployment using catalog zones (RFC 9432). No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Code Injection Authoritative
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

PowerDNS Authoritative server allows authenticated REST API operators to inject malformed HTTPS or SVCB record data, corrupting the LMDB backend database and causing service degradation or denial of availability. The vulnerability requires high-privilege REST API access and affects deployments using LMDB as the backend storage engine, with confirmed impact on data integrity and availability.

Information Disclosure Integer Overflow Authoritative
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authoritative
NVD
EPSS 4% CVSS 7.5
HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Authoritative
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authoritative
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
EPSS 3% CVSS 7.5
HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
EPSS 6% CVSS 7.5
HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
EPSS 86% 4.1 CVSS 7.5
HIGH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 85.5% and no vendor patch available.

Denial Of Service Authoritative
NVD GitHub
EPSS 37% CVSS 7.5
HIGH PATCH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.0%.

Denial Of Service Authoritative
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative Recursor
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Fedora +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy