CVE-2026-40719

Summary

Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.

Affected Software

VendorProductVersion RangeStatus
MaraDNSMaraDNS3.5.0036affected

Weaknesses

  • CWE-670: CWE-670 Always-Incorrect Control Flow Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References