CVE-2026-33608

HIGH CVSS 7.4 View on NVD ↗

Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

Published: Apr 22, 2026 14:16 UTC Modified: Apr 22, 2026 21:23 UTC