Denial of Service vulnerability in PowerDNS
CVE-2026-33260

5.3 MEDIUM

Key Information:

Vendor: PowerDNS

CVE Published: 22 April 2026

What is CVE-2026-33260?

PowerDNS products contain a vulnerability in which an attacker can send a crafted web request that triggers unlimited memory allocation in the internal web server. This can lead to a denial of service condition, affecting the availability of the service. The internal web server is disabled by default, which reduces the immediate risk, but users should still remain vigilant and implement appropriate safeguards.

Affected Version(s)

Authoritative 5.0.0 < 5.0.4

Authoritative 4.9.0 < 4.9.14

DNSdist 1.9.0 < 1.9.13

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cavid