Insufficient validation of HTTPS and SVCB records_CVE-2026-33611

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Description

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Basic Information

ID CVE-2026-33611

Source OX

Published Apr 22, 2026 at 14:01

Modified Apr 22, 2026 at 14:24

Affected Product

Vendor PowerDNS

Product Authoritative

Version 5.0.0

Affected Versions PowerDNS Authoritative 5.0.0
PowerDNS Authoritative 4.9.0

CWE Classification

CWE-190

References

docs.powerdns.com /authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

{
    "lastseen": "",
    "description": "An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.",
    "published": "2026-04-22T14:01:10.135Z",
    "modified": "2026-04-22T14:24:57.121Z",
    "type": "cve",
    "title": "Insufficient validation of HTTPS and SVCB records",
    "source": "OX",
    "references": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html",
    "id": "CVE-2026-33611",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "PowerDNS Authoritative 5.0.0\nPowerDNS Authoritative 4.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Authoritative",
    "version": "5.0.0",
    "vendor": "PowerDNS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}