Description
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in Technitium DNS Server version 14.3 and earlier allows a denial of service by targeting the DnsServerApp.exe, DnsServerApp.dll, and TechnitiumLibrary.Net/Dns/DnsClient.cs components. The vulnerability can be triggered from outside the local network and leads to a crash or unresponsive state of the DNS service, potentially disrupting normal DNS resolution for clients that rely on that server. It does not provide code execution or data disclosure capabilities, but the interruption of DNS service can have serious availability consequences for organizations depending on it.

Affected Systems

Technitium DNS Server v14.3 and all prior releases. The affected components are the DnsServerApp executable, its associated dynamic link library, and the DnsClient code in the TechnitiumLibrary.Net namespace. Administrators should verify that they are running any version of the software predating the fix, and consider upgrading if possible.

Risk and Exploitability

The EPSS score for this vulnerability is < 1 % and it is not listed in the CISA KEV catalog, so the probability of exploitation remains low but not negligible. The CVSS score of 7.5 indicates a high severity denial‑of‑service impact. An attacker who can reach the DNS server can trigger the flaw remotely and cause the service to crash or become unresponsive, disrupting DNS resolution for clients. No special privileges or internal access are required, so any external host able to contact the server may be able to trigger the exploit.

Generated by OpenCVE AI on June 29, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Technitium DNS Server to the latest available release that supersedes version 14.3.
  • If an update is not immediately possible, place the DNS server within a protected network segment and restrict ingress traffic to necessary ports only.
  • Configure firewall or intrusion‑prevention rules to limit the rate of DNS queries from untrusted sources, reducing the impact of a DoS trigger.

Generated by OpenCVE AI on June 29, 2026 at 17:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 05 Jul 2026 02:00:00 +0000

Type Values Removed Values Added
References

Mon, 29 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Technitium DNS Server Components
Weaknesses CWE-399

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 27 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
First Time appeared Technitium
Technitium dns Server
Vendors & Products Technitium
Technitium dns Server

Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Technitium DNS Server Components
Weaknesses CWE-399

Fri, 26 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
References

Subscriptions

Technitium Dns Server
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-05T01:36:56.769Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36478

cve-icon Vulnrichment

Updated: 2026-06-29T13:33:05.822Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T17:30:06Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption