Known Vulnerabilities for products from PowerDNS
Listed below are 20 of the newest known vulnerabilities associated with the vendor "PowerDNS".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33610 json | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2026-27854 json | An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getED... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-27853 json | An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuesti... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-24030 json | An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 ... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-24029 json | When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the ... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-24028 json | An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code use... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-24027 json | Crafted zones can lead to increased incoming network traffic. | Not Provided | 2026-02-09 | 2026-04-20 |
| CVE-2026-0398 json | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. | Not Provided | 2026-02-09 | 2026-04-20 |
| CVE-2026-0397 json | When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to t... | Not Provided | 2026-03-31 | 2026-04-14 |
| CVE-2026-0396 json | An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist ... | Not Provided | 2026-03-31 | 2026-04-13 |
| CVE-2025-59024 json | Crafted delegations or IP fragments can poison cached delegations in Recursor. | Not Provided | 2026-02-09 | 2026-04-20 |
| CVE-2025-59023 json | Crafted delegations or IP fragments can poison cached delegations in Recursor. | Not Provided | 2026-02-09 | 2026-04-20 |
| CVE-2023-26437 json | Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects... | 5.3 - MEDIUM | 2023-04-04 | 2023-04-15 |
| CVE-2023-22617 json | A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS reco... | 7.5 - HIGH | 2023-01-21 | 2023-01-31 |
| CVE-2022-37428 json | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a T... | 6.5 - MEDIUM | 2022-08-23 | 2023-11-07 |
| CVE-2022-27227 json | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8,... | 7.5 - HIGH | 2022-03-25 | 2023-11-07 |
| CVE-2021-36754 json | PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535... | 7.5 - HIGH | 2021-07-30 | 2021-08-07 |
| CVE-2020-25829 json | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can... | 7.5 - HIGH | 2020-10-16 | 2022-06-15 |
| CVE-2020-24698 json | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauth... | 9.8 - CRITICAL | 2020-10-02 | 2020-10-08 |
| CVE-2020-24697 json | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauth... | 7.5 - HIGH | 2020-10-02 | 2020-10-08 |
Known software with vulnerabilities from PowerDNS
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Powerdns | Authoritative | 1.0.0 |
| Application | Powerdns | Authoritative Server | 2.9.22 |
| Application | Powerdns | Dnsdist | 1.0.0 |
| Application | Powerdns | Pdns | 4.0.0 |
| Application | Powerdns | Recursor | 3.0 |