Powerdns Authoritative
16 CVEs affecting Powerdns Authoritative. Latest disclosed: 2026-05-21. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42001 | High | 7.5 | 2026-05-21 | Insufficient Validation of Autoprimary SOA Queries |
CVE-2016-5427 | High | 7.5 | 2016-09-21 | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of ser… |
CVE-2016-5426 | High | 7.5 | 2016-09-21 | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. |
CVE-2026-33608 | High | 7.4 | 2026-04-22 | An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration t… |
CVE-2026-42000 | Medium | 6.8 | 2026-05-21 | Insufficient Validation of Names During AXFR |
CVE-2026-33611 | Medium | 6.5 | 2026-04-22 | An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database… |
CVE-2026-42002 | Medium | 5.9 | 2026-05-21 | Concurrency and locking defects in GSS-TSIG |
CVE-2026-33610 | Medium | 5.9 | 2026-04-22 | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request… |
CVE-2026-33609 | Medium | 5.3 | 2026-04-22 | Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. |
CVE-2026-33260 | Medium | 5.3 | 2026-04-22 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server… |
CVE-2026-33257 | Medium | 5.3 | 2026-04-22 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server… |
CVE-2026-42396 | Medium | 4.9 | 2026-05-21 | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail |
CVE-2026-41999 | Medium | 4.8 | 2026-05-21 | Incorrect Behaviour of Views with TCP PROXY Requests |
CVE-2015-5311 | | 2015-11-17 | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via craft… | |
CVE-2015-5470 | | 2015-11-02 | The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3… | |
CVE-2015-1868 | | 2015-05-18 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x befor… |