Insufficient Validation in PowerDNS Could Lead to Zone Transfer Failures
CVE-2026-42396

4.9MEDIUM

Key Information:

Vendor: Powerdns
Status: Authoritative
Vendor: CVE Published:; 21 May 2026

What is CVE-2026-42396?

An insufficient validation flaw in the PowerDNS Authoritative Server can result in a failure during catalog zone transfers. This vulnerability arises when member zone data is not properly validated, potentially leading to misconfigurations or denial of service during zone transfer processes. DNS administrators are recommended to verify their configurations to mitigate the risks associated with this vulnerability.

Affected Version(s)

Authoritative 4.9.0 < 4.9.15

Authoritative 5.0.0 < 5.0.5

References

https://docs.powerdns.com/authoritative/security-advisori...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

ilhamaf

CVE-2026-42396 Data

JSON

Powerdns

What is CVE-2026-42396?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit