CVE-2026-52690

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

CVE-2026-42387

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

EUVD-2026-39388

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVE-2026-42389

CVE-2026-42389 fixes an issue by adding extra hardening in the 5.4.x branch through enhanced validation of incoming answers from authoritative servers (no exploited details provided in the documents).

CVE-2026-33612

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...

CVE-2026-52690

CVE-2026-52690 affects the PowerDNS Recursor. Spoofed replies can cause an authoritative server’s IP to be marked as not supporting EDNS, leading to DNSSEC validation failures for records served by that server. The vulnerability’s impact is documented as enabling validation failures in the presen...

CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

CVE-2026-52690

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

CVE-2026-42387 Insufficient input validation in ZoneToCache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

CVE-2026-42387

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

EUVD-2026-39352

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...

CVE-2026-33612 ZoneToCache can poison the cache

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...

CVE-2026-33612

CVE-2026-33612 describes a cache-poisoning vulnerability in a ZoneToCache flow: a malicious authoritative server can craft a zone that is cached, compromising integrity of cached data. The CVSS3.1 metrics indicate Network access, high attack complexity, no privileges required, no user interaction...

SUSE CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

CVE-2026-47691

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

UBUNTU-CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...