CVE-2026-33608

Summary

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Affected Software

VendorProductVersion RangeStatus
PowerDNSAuthoritative5.0.0 < 5.0.4affected
PowerDNSAuthoritative4.9.0 < 4.9.14affected

Weaknesses

  • Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References