Insufficient Validation in PowerDNS Autoprimary SOA Queries
CVE-2026-42001

7.5HIGH

Key Information:

Vendor: Powerdns
Status: Authoritative
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-42001?

This vulnerability involves a flaw in the PowerDNS Authoritative Server that permits insufficient validation of Autoprimary SOA queries. This incorrectly handled input could potentially allow an attacker to manipulate DNS responses, leading to information exposure or redirection attacks. System administrators are advised to review the impacted product versions and apply necessary patches to mitigate potential security risks.

Affected Version(s)

Authoritative 4.9.0 < 4.9.15

Authoritative 5.0.0 < 5.0.5

References

https://docs.powerdns.com/authoritative/security-advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
Apr 23, 2026

Credit

lazarux0x1337

CVE-2026-42001 Data

JSON

Powerdns

What is CVE-2026-42001?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit