Null Pointer Dereference Vulnerability in PowerDNS Recursor
CVE-2026-33262

5.9 MEDIUM

Key Information:

Vendor

PowerDNS

Status
Vendor
CVE Published: 22 April 2026

What is CVE-2026-33262?

A vulnerability has been identified in PowerDNS Recursor in which an attacker could exploit a missing consistency check, resulting in a null pointer dereference. This flaw may lead to denial of service, disrupting service availability. Notably, cookies are disabled by default, heightening the risk of exploitation. Users should review their systems and apply the necessary updates to mitigate this risk.

Affected Version(s)

Recursor 5.4.0 < 5.4.1

Recursor 5.3.0 < 5.3.6

Recursor 5.2.0 < 5.2.9

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ylwango613