CVE-2026-33608

CVSS Score & Metrics

Base Score

7.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H                                    

Vulnerability Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Vulnerability Details

Published Date

April 22, 2026

Last Modified

April 22, 2026

CWE ID

CWE-94

Source

NVD

Vendor

PowerDNS

Product

Authoritative

External References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment