This page lists publicly disclosed CVE vulnerabilities affecting powerdns authoritative (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-42396 | Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | [email protected] | 4.9 | 0.35% | 2026-05-21 | 2026-06-17 |
| CVE-2026-42002 | Concurrency and locking defects in GSS-TSIG | [email protected] | 5.9 | 0.26% | 2026-05-21 | 2026-06-17 |
| CVE-2026-42001 | Insufficient Validation of Autoprimary SOA Queries | [email protected] | 7.5 | 0.36% | 2026-05-21 | 2026-06-17 |
| CVE-2026-42000 | Insufficient Validation of Names During AXFR | [email protected] | 6.8 | 0.24% | 2026-05-21 | 2026-06-17 |
| CVE-2026-41999 | Incorrect Behaviour of Views with TCP PROXY Requests | [email protected] | 4.8 | 0.14% | 2026-05-21 | 2026-06-17 |
| CVE-2026-33611 | An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend. | [email protected] | 6.5 | 0.42% | 2026-04-22 | 2026-06-17 |
| CVE-2026-33610 | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it. | [email protected] | 5.9 | 0.39% | 2026-04-22 | 2026-06-17 |
| CVE-2026-33609 | Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. | [email protected] | 5.3 | 0.24% | 2026-04-22 | 2026-06-17 |
| CVE-2026-33608 | An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it. | [email protected] | 7.4 | 0.38% | 2026-04-22 | 2026-06-17 |
| CVE-2026-33260 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | [email protected] | 5.3 | 0.52% | 2026-04-22 | 2026-06-17 |
| CVE-2026-33257 | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | [email protected] | 5.3 | 0.51% | 2026-04-22 | 2026-06-17 |
| CVE-2020-24698 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. | [email protected] | 9.8 | 3.16% | 2020-10-02 | 2026-06-16 |
| CVE-2020-24697 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. | [email protected] | 7.5 | 4.36% | 2020-10-02 | 2026-06-16 |
| CVE-2020-24696 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | [email protected] | 8.1 | 1.36% | 2020-10-02 | 2026-06-16 |
| CVE-2020-17482 | An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | [email protected] | 4.3 | 2.56% | 2020-10-02 | 2026-06-16 |
| CVE-2015-5230 | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | [email protected] | 7.5 | 9.02% | 2020-01-15 | 2026-06-16 |
| CVE-2019-10163 | A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. | [email protected] | 4.3 | 1.00% | 2019-07-30 | 2026-06-16 |
| CVE-2019-10162 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. | [email protected] | 7.5 | 1.69% | 2019-07-30 | 2026-06-16 |
| CVE-2018-14626 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | [email protected] | 5.3 | 2.72% | 2018-11-29 | 2026-06-16 |
| CVE-2018-10851 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | [email protected] | 5.3 | 6.04% | 2018-11-29 | 2026-06-16 |