Insufficient input validation of internal webserver_CVE-2026-33260

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Basic Information

ID CVE-2026-33260

Source OX

Published Apr 22, 2026 at 09:39

Affected Product

Vendor PowerDNS

Product Authoritative

Version 5.0.0

Affected Versions PowerDNS Authoritative 5.0.0
PowerDNS Authoritative 4.9.0
PowerDNS DNSdist 1.9.0
PowerDNS DNSdist 2.0.0
PowerDNS Recursor 5.4.0
PowerDNS Recursor 5.3.0
PowerDNS Recursor 5.2.0

CWE Classification

References

{
    "lastseen": "",
    "description": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.",
    "published": "2026-04-22T09:39:35.859Z",
    "modified": "2026-04-22T09:39:35.859Z",
    "type": "cve",
    "title": "Insufficient input validation of internal webserver",
    "source": "OX",
    "references": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html\nhttps://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html\nhttps://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html",
    "id": "CVE-2026-33260",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "PowerDNS Authoritative 5.0.0\nPowerDNS Authoritative 4.9.0\nPowerDNS DNSdist 1.9.0\nPowerDNS DNSdist 2.0.0\nPowerDNS Recursor 5.4.0\nPowerDNS Recursor 5.3.0\nPowerDNS Recursor 5.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Authoritative",
    "version": "5.0.0",
    "vendor": "PowerDNS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}