Cache Poisoning Vulnerability in PowerDNS Recursor by PowerDNS
CVE-2026-33612

7.5 HIGH

Key Information:

Vendor: PowerDNS

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-33612?

A vulnerability in PowerDNS Recursor allows a malicious authoritative server to exploit the ZoneToCache function. By sending a specially crafted zone message, the attacker can poison the DNS cache, so that the Recursor may serve incorrect data to users. The issue shows the risk of accepting untrusted responses in DNS and the need for robust security measures within DNS infrastructure.

Affected Version(s)

Recursor 5.2.0 < 5.2.11

Recursor 5.3.0 < 5.3.8

Recursor 5.4.0 < 5.4.3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Danial Mahadzir