CVE-2026-33608

HIGH

Incomplete domain name sanitization during

Title source: cna

Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

References (1)

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

Scores

CVSS v3 7.4

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (3)

PowerDNS/Authoritative 4.9.0 - 4.9.14

powerdns/authoritative 4.9.0 - 4.9.14

PowerDNS/Authoritative 5.0.0 - 5.0.4

Published Apr 22, 2026

Tracked Since Apr 22, 2026