Description
Crafted zones can lead to increased incoming network traffic.
Published: 2026-02-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

CVE-2026-24027 is a flaw in PowerDNS Recursor in which specially crafted zone data can cause the service to process an unusually high volume of queries. The resulting escalation of incoming network traffic can overwhelm the recursor, compromising its availability. The weakness falls under improper resource consumption, aligned with CWE-294.

Affected Systems

The vulnerability affects the PowerDNS Recursor product. No specific version information is provided in the CNA data, so all installations of PowerDNS Recursor remain potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is unlikely to be common. The vulnerability is not listed in the CISA KEV catalog. Attackers could trigger the effect remotely by sending crafted zone queries over the network, so the attack vector is remote and external. The overall risk is moderate, primarily due to the availability impact and the low probability of exploitation.

Generated by OpenCVE AI on April 20, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update PowerDNS Recursor to the latest version that contains the fix for the zone handling flaw
  • Configure the recursor to limit query rates or restrict zone referrals to trusted clients
  • Implement network‑level rate limiting or firewall rules to mitigate traffic spikes from malicious zone queries

Advisories
Source | ID | Title
Debian DSA | DSA-6134-1 | pdns-recursor security update
History

Mon, 20 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Mon, 20 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-294
CPEs cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*

Fri, 17 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Powerdns
Powerdns recursor
Vendors & Products Powerdns
Powerdns recursor

Mon, 09 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 14:45:00 +0000

Type Values Removed Values Added
Description Crafted zones can lead to increased incoming network traffic.
Title Crafted zones can lead to increased incoming network traffic
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: OX

Updated: 2026-02-09T16:19:23.339Z

Reserved: 2026-01-20T14:56:25.872Z

Link: CVE-2026-24027

Vulnrichment

Updated: 2026-02-09T16:19:16.844Z

NVD

Status: Analyzed

Published: 2026-02-09T15:16:11.587

Modified: 2026-04-20T14:55:39.140

Link: CVE-2026-24027

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T19:00:10Z
