CVE-2026-42254

Summary

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.

Affected Software

VendorProductVersion RangeStatus
Hickory ProjectHickory DNS0.1 < 0.26affected

Weaknesses

  • CWE-706: CWE-706 Use of Incorrectly-Resolved Name or Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References