Description
An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.
Published: 2026-04-22
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A malicious authoritative DNS server can send a Response Policy Zone (RPZ) record that causes the PowerDNS Recursor to dereference a null pointer. The missing consistency check triggers the crash, taking the recursor process offline and denying all DNS queries that reach the affected instance.

Affected Systems

All installations of PowerDNS Recursor are vulnerable unless the software has been updated to a patched release. No specific version range is provided, so any currently deployed recursor may be impacted.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in CISA KEV, suggesting a lower exploitation probability. The likely attack vector is a remote DNS query sent to the recursor that contains a crafted RPZ record from an attacker-controlled authoritative server. Because the flaw results in a crash rather than data compromise, the primary consequence is downtime of the affected DNS service.

Generated by OpenCVE AI on April 22, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade PowerDNS Recursor to a patched version that includes null-pointer checks for RPZ records.
  • If a patch cannot be applied immediately, disable RPZ support or restrict RPZ to trusted authoritative servers only.
  • Continuously monitor recursor logs for crashes or anomalous RPZ traffic, and harden input validation to mitigate similar defects.


Tracking


Advisories

No advisories yet.

History

Wed, 22 Apr 2026 19:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 11:15:00 +0000

Weaknesses (values added): CWE-476

Wed, 22 Apr 2026 10:45:00 +0000

First Time appeared (values added): Powerdns; Powerdns recursor
Vendors & Products (values added): Powerdns; Powerdns recursor

Wed, 22 Apr 2026 09:45:00 +0000

Description (values added): An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.
Title (values added): Null pointer dereference in RPZ transfer
References (values added): none listed
Metrics (values added): cvssV3_1 {'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-04-22T18:10:52.548Z

Reserved: 2026-03-23T12:57:56.814Z

Link: CVE-2026-33600

Vulnrichment

Updated: 2026-04-22T17:59:23.349Z

NVD

Status : Awaiting Analysis

Published: 2026-04-22T10:16:52.107

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-33600

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:00:09Z

Weaknesses