Vulnerability in Powerdns Dnsdist

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Powerdns Dnsdist — versions 1.9.0, 2.0.0

Weakness classification (CWE)

CWE-705

References

security@open-xchange.com

Frequently asked questions

What is CVE-2026-40208?: CVE-2026-40208 is a low-severity vulnerability in Powerdns Dnsdist, classified under CWE-705. CVSS score: 3.7/10. Published 2026-06-25.
How severe is CVE-2026-40208?: Low severity. CVSS v3 base score is 3.7 out of 10.