Incomplete domain name sanitization during_CVE-2026-33608

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Basic Information

ID CVE-2026-33608

Source OX

Published Apr 22, 2026 at 14:00

Modified Apr 22, 2026 at 14:28

Affected Product

Vendor PowerDNS

Product Authoritative

Version 5.0.0

Affected Versions PowerDNS Authoritative 5.0.0
PowerDNS Authoritative 4.9.0

CWE Classification

CWE-94

References

docs.powerdns.com /authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

{
    "lastseen": "",
    "description": "An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.",
    "published": "2026-04-22T14:00:15.473Z",
    "modified": "2026-04-22T14:28:15.172Z",
    "type": "cve",
    "title": "Incomplete domain name sanitization during",
    "source": "OX",
    "references": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html",
    "id": "CVE-2026-33608",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "PowerDNS Authoritative 5.0.0\nPowerDNS Authoritative 4.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Authoritative",
    "version": "5.0.0",
    "vendor": "PowerDNS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}