Description
Insufficient Validation of Autoprimary SOA Queries
Published: 2026-05-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PowerDNS Authoritative does not properly validate autoprimary SOA queries. This weakness can allow an attacker to send crafted requests that are incorrectly treated as legitimate, potentially leading the server to generate invalid or unintended DNS responses. The effect is primarily a disruption of DNS service availability, compromising the integrity of name resolution for affected zones.

Affected Systems

The flaw affects PowerDNS Authoritative instances, but no specific version information is listed. All deployments using the default autoprimary SOA handling in PowerDNS are potentially vulnerable until a fix is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, network-based queries to the DNS server. If exploited, the attacker could induce a denial‑of‑service condition, preventing legitimate domain resolution for clients that rely on the affected PowerDNS server.

Generated by OpenCVE AI on May 21, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest PowerDNS Authoritative patch that corrects the insufficient validation of autoprimary SOA queries (CWE‑400).
  • If an upgrade is not immediately possible, disable autoprimary SOA query handling or restrict it to a minimal set of zones until the fix is applied, thereby eliminating the validation weakness.
  • Configure network filtering or rate limiting for DNS queries to mitigate malformed request traffic and reduce the likelihood of exhausting server resources.

Generated by OpenCVE AI on May 21, 2026 at 13:51 UTC.


Advisories
Source: Debian DSA
ID: DSA-6284-1
Title: pdns security update

History

Thu, 21 May 2026 12:15:00 +0000

Values Added:

  • Weaknesses: CWE-400
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 May 2026 11:45:00 +0000

Values Added:

  • First Time appeared: Powerdns, Powerdns authoritative
  • Vendors & Products: Powerdns, Powerdns authoritative

Thu, 21 May 2026 10:15:00 +0000

Values Added:

  • Description: Insufficient Validation of Autoprimary SOA Queries
  • Title: Insufficient Validation of Autoprimary SOA Queries
  • References
  • Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-05-21T12:01:03.812Z

Reserved: 2026-04-23T11:15:21.198Z

Link: CVE-2026-42001

Vulnrichment

Updated: 2026-05-21T12:00:19.566Z

NVD

Status: Awaiting Analysis

Published: 2026-05-21T10:16:25.683

Modified: 2026-05-21T15:27:51.530

Link: CVE-2026-42001

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T14:00:12Z

Weaknesses