CVE-2026-33257 Insufficient input validation of internal webserver

🗓️ 22 Apr 2026 09:37:59Reported by OXType

Input validation flaw in internal webserver causes unlimited memory use and denial of service; it is disabled by default.

Reporter	Title	Published	Views	Family All 28
ATTACKERKB	CVE-2026-33257	22 Apr 202609:37	–	attackerkb
AlpineLinux	CVE-2026-33257	22 Apr 202609:37	–	alpinelinux
Circl	CVE-2026-33257	22 Apr 202612:28	–	circl
CNNVD	PowerDNS DNSdist和PowerDNS Authoritative 安全漏洞	22 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33257	22 Apr 202609:37	–	cve
Debian	[SECURITY] [DSA 6233-1] pdns security update	28 Apr 202619:02	–	debian
Debian	[SECURITY] [DSA 6234-1] pdns-recursor security update	28 Apr 202619:03	–	debian
Debian	[SECURITY] [DSA 6235-1] dnsdist security update	28 Apr 202619:03	–	debian
Debian CVE	CVE-2026-33257	22 Apr 202609:37	–	debiancve
Tenable Nessus	Debian dsa-6233 : pdns-backend-bind - security update	29 Apr 202600:00	–	nessus

[
  {
    "vendor": "PowerDNS",
    "product": "Authoritative",
    "collectionURL": "https://repo.powerdns.com/",
    "packageName": "pdns",
    "repo": "https://github.com/PowerDNS/pdns",
    "modules": [
      "YaHTTP"
    ],
    "programFiles": [
      "reqresp.cpp",
      "reqresp.hpp"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0",
        "lessThan": "5.0.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.9.0",
        "lessThan": "4.9.14",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "PowerDNS",
    "product": "DNSdist",
    "collectionURL": "https://repo.powerdns.com/",
    "packageName": "dnsdist",
    "repo": "https://github.com/PowerDNS/pdns",
    "modules": [
      "YaHTTP"
    ],
    "programFiles": [
      "reqresp.cpp",
      "reqresp.hpp"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.9.0",
        "lessThan": "1.9.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "2.0.0",
        "lessThan": "2.0.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "PowerDNS",
    "product": "Recursor",
    "collectionURL": "https://repo.powerdns.com/",
    "packageName": "pdns-recursor",
    "repo": "https://github.com/PowerDNS/pdns",
    "modules": [
      "YaHTTP"
    ],
    "programFiles": [
      "reqresp.cpp",
      "reqresp.hpp"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "5.4.0",
        "lessThan": "5.4.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.3.0",
        "lessThan": "5.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.2.0",
        "lessThan": "5.2.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
docs	www.docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html
dnsdist	www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
docs	www.docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html

22 Apr 2026 09:37Current

CVSS 3.15.3

EPSS0.00514