Description
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
Published: 2026-06-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Recursor mistakenly stores ECS zero scoped answers in its packet cache, leading to potential leakage of sensitive data to clients that query the DNS server. The flaw results in a confidentiality breach, constituting a CWE‑524 weakness where sensitive data is stored in a cache that should not be. This caching flaw can expose various records to unauthorized parties.

Affected Systems

PowerDNS:Recursor is affected. All installations with ECS enabled are potentially vulnerable, as no specific version details are provided.

Risk and Exploitability

The CVSS score of 5.3 places the issue in a moderate range. The EPSS score is currently unavailable, and the vulnerability is not listed in CISA KEV catalog. Attack vectors are likely through legitimate DNS queries from clients to the Recursor when ECS is enabled, allowing the attacker to obtain cached answers that were not meant for public dissemination.

Generated by OpenCVE AI on June 25, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest PowerDNS Recursor update as detailed in the official advisory.
  • If disabling ECS is an option, configure the Recursor to turn off the ECS feature as a temporary workaround.
  • Restart the Recursor service to ensure the new configuration takes effect and that cached zero scoped answers are cleared.

Generated by OpenCVE AI on June 25, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6369-1 pdns-recursor security update
History

Thu, 25 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Powerdns
Powerdns recursor
Vendors & Products Powerdns
Powerdns recursor

Thu, 25 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 25 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-524
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
Title Information about ECS zero scoped answers might leak to clients that use a specific ECS
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Powerdns Recursor
cve-icon MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-06-25T14:41:00.796Z

Reserved: 2026-04-08T09:59:59.342Z

Link: CVE-2026-40012

cve-icon Vulnrichment

Updated: 2026-06-25T14:40:52.251Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T22:00:12Z

Weaknesses
  • CWE-524

    Use of Cache Containing Sensitive Information