Powerdns Recursor
23 CVEs affecting Powerdns Recursor. Latest disclosed: 2026-04-22. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59023 | High | 8.2 | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
CVE-2025-59030 | High | 7.5 | 2025-12-09 | An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. |
CVE-2025-30192 | High | 7.5 | 2025-07-21 | An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version… |
CVE-2025-30195 | High | 7.5 | 2025-04-07 | An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses a… |
CVE-2024-25590 | High | 7.5 | 2024-10-03 | An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of s… |
CVE-2024-25583 | High | 7.5 | 2024-04-25 | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default co… |
CVE-2025-59024 | Medium | 6.5 | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
CVE-2026-33262 | Medium | 5.9 | 2026-04-22 | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are d… |
CVE-2026-33261 | Medium | 5.9 | 2026-04-22 | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. |
CVE-2026-33260 | Medium | 5.3 | 2026-04-22 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server… |
CVE-2026-33258 | Medium | 5.3 | 2026-04-22 | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. |
CVE-2026-33257 | Medium | 5.3 | 2026-04-22 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server… |
CVE-2026-33256 | Medium | 5.3 | 2026-04-22 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server… |
CVE-2026-24027 | Medium | 5.3 | 2026-02-09 | Crafted zones can lead to increased incoming network traffic. |
CVE-2026-0398 | Medium | 5.3 | 2026-02-09 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
CVE-2025-59029 | Medium | 5.3 | 2025-12-09 | An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with… |
CVE-2026-33259 | Medium | 5.0 | 2026-04-22 | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfer… |
CVE-2026-33601 | Medium | 4.4 | 2026-04-22 | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a m… |
CVE-2026-33600 | Medium | 4.4 | 2026-04-22 | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of serv… |
CVE-2023-26437 | Low | 3.4 | 2023-04-04 | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through… |