Out-of-Bounds Read Vulnerability in PowerDNS from PowerDNS
CVE-2026-24028

5.3 MEDIUM

Key Information:

Vendor

PowerDNS

Status
Vendor
CVE Published:
31 March 2026

What is CVE-2026-24028?

An attacker can exploit this vulnerability in PowerDNS DNSdist by sending a specially crafted DNS response packet. The crafted packet targets the parsing function responsible for handling DNS packets with custom Lua code. If successful, this leads to an out-of-bounds read, which may cause a denial of service by crashing the application or may expose sensitive, unrelated memory. Exploitation of this vulnerability therefore poses a significant risk to the integrity and confidentiality of the system.

Affected Version(s)

DNSdist 1.9.0 < 1.9.12

DNSdist 2.0.0 < 2.0.3

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Naoki Wakamatsu