Denial of Service Vulnerability in PowerDNS Internal Web Server
CVE-2026-42005

4.3MEDIUM

Key Information:

Vendor: Powerdns
Status: Authoritative
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-42005?

An attacker can exploit a vulnerability in the internal web server of PowerDNS by sending a specially crafted web request. This request can lead to unlimited memory allocation, causing the server to become unresponsive and resulting in a denial of service. It is important to note that the internal web server is disabled by default, which may mitigate the risk for some users. However, users should remain vigilant and apply the recommended security updates to prevent potential exploitation.

Affected Version(s)

Authoritative 4.9.0 < 4.9.16

Authoritative 5.0.0 < 5.0.6

Authoritative 5.1.0 < 5.1.2

References

https://docs.powerdns.com/authoritative/security-advisori...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 23, 2026

Credit

ilya rozentsvaig

CVE-2026-42005 Data

JSON

Powerdns

What is CVE-2026-42005?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit