CVE-2026-33258 Crafted zones can cause increased resource usage

🗓️ 22 Apr 2026 09:38:19Reported by OXType

Publishing and querying a crafted zone can cause large allocations in negative and aggressive NSEC3 caches.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-33258	22 Apr 202609:38	–	attackerkb
AlpineLinux	CVE-2026-33258	22 Apr 202609:38	–	alpinelinux
Circl	CVE-2026-33258	22 Apr 202612:17	–	circl
CNNVD	PowerDNS Recursor（pdns_recursor）安全漏洞	22 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33258	22 Apr 202609:38	–	cve
Debian	[SECURITY] [DSA 6234-1] pdns-recursor security update	28 Apr 202619:03	–	debian
Debian CVE	CVE-2026-33258	22 Apr 202609:38	–	debiancve
Tenable Nessus	Debian dsa-6234 : pdns-recursor - security update	29 Apr 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-33258	23 Apr 202600:00	–	nessus
EUVD	EUVD-2026-24721	22 Apr 202612:30	–	euvd

[
  {
    "vendor": "PowerDNS",
    "product": "Recursor",
    "collectionURL": "https://repo.powerdns.com/",
    "packageName": "pdns-recursor",
    "repo": "https://github.com/PowerDNS/pdns",
    "modules": [
      "Negative cache",
      "Aggressive use of NSEC cache"
    ],
    "programFiles": [
      "aggressive_nsec.cc",
      "negcache.cc"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "5.4.0",
        "lessThan": "5.4.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.3.0",
        "lessThan": "5.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.2.0",
        "lessThan": "5.2.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
docs	www.docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html

22 Apr 2026 09:38Current

CVSS 3.15.3

EPSS0.00002