CVE-2026-40208

Summary

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

Affected Software

VendorProductVersion RangeStatus
PowerDNSDNSdist1.9.0 < 1.9.15affected
PowerDNSDNSdist2.0.0 < 2.0.7affected

Weaknesses

  • Incorrect Control Flow Scoping

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References