Description
ECS zero scoped answers are stored in the packet cache when they should not be. This impacts only configurations that have ECS enabled.
Published: 2026-06-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Recursor mistakenly stores ECS zero scoped answers in its packet cache, leading to potential leakage of sensitive data to clients that query the DNS server. The flaw results in a confidentiality breach where endpoints may receive domain resolution information that should remain private. This is an input validation and caching weakness that can expose various records to unauthorized parties.

Affected Systems

PowerDNS Recursor is affected. All installations with ECS enabled are potentially vulnerable, as no specific version details are provided.

Risk and Exploitability

The CVSS score of 5.3 places the issue in the Medium range. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog. Attack vectors are likely through legitimate DNS queries from clients to the Recursor when ECS is enabled, allowing the attacker to obtain cached answers that were not meant for public dissemination.

Generated by OpenCVE AI on June 25, 2026 at 16:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest PowerDNS Recursor update as detailed in the official advisory.
  • If disabling ECS is an option, configure the Recursor to turn off the ECS feature as a temporary workaround.
  • Restart the Recursor service to ensure the new configuration takes effect and that cached zero scoped answers are cleared.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-524
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
Title Information about ECS zero scoped answers might leak to clients that use a specific ECS
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-06-25T14:41:00.796Z

Reserved: 2026-04-08T09:59:59.342Z

Link: CVE-2026-40012

Vulnrichment

Updated: 2026-06-25T14:40:52.251Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T16:15:15Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-524

    Use of Cache Containing Sensitive Information