Denial of Service Vulnerability in PowerDNS by PowerDNS
CVE-2026-40211

5.3MEDIUM

Key Information:

Vendor: Powerdns
Status: Dnsdist
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-40211?

An attacker can exploit a flaw in PowerDNS by sending specially crafted DNS over HTTP/3 queries. This can trigger an exception that delays the freeing of buffers. While the buffer will eventually be released at the end of the QUIC connection, an attacker may be able to open multiple concurrent DoH3 streams, potentially leading to an out-of-memory condition. This condition could disrupt service availability, creating a denial of service scenario.

Affected Version(s)

DNSdist 1.9.0 < 1.9.15

DNSdist 2.0.0 < 2.0.7

References

https://www.dnsdist.org/security-advisories/powerdns-advi...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Mehtab Zafar

CVE-2026-40211 Data

JSON

Powerdns

What is CVE-2026-40211?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit