CVE-2026-40209

Summary

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.

Affected Software

VendorProductVersion RangeStatus
PowerDNSDNSdist1.9.0 < 1.9.15affected
PowerDNSDNSdist2.0.0 < 2.0.7affected

Weaknesses

  • Missing Release of Resource after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References