CVE-2026-52690

Summary

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

Affected Software

VendorProductVersion RangeStatus
PowerDNSRecursor5.2.0 < 5.2.11affected
PowerDNSRecursor5.3.0 < 5.3.8affected
PowerDNSRecursor5.4.0 < 5.4.3affected

Weaknesses

  • Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References