CVE-2026-33611

Summary

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Affected Software

VendorProductVersion RangeStatus
PowerDNSAuthoritative5.0.0 < 5.0.4affected
PowerDNSAuthoritative4.9.0 < 4.9.14affected

Weaknesses

  • Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References