Description
Concurrency and locking defects in GSS-TSIG
Published: 2026-05-21
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a concurrency and locking defect in the GSS‑TSIG implementation of the PowerDNS Authoritative server. This defect allows a race condition that could enable an attacker to corrupt internal state or cause processing delays, potentially leading to data integrity issues or denial of service. The weakness is a classic race condition (CWE‑1345).

Affected Systems

Affected systems are deployments of the PowerDNS Authoritative server. The product line is identified as PowerDNS:Authoritative, and no specific version information is provided in the advisory, so all released versions may need to be reviewed for the presence of the defect.

Risk and Exploitability

The CVSS score of 5.9 places the risk in a medium category, and the EPSS score is not available, making it difficult to gauge current exploitation probability. The advisory does not list the vulnerability in CISA’s KEV catalog. Because the flaw relates to GSS‑TSIG authentication handshakes, it is inferred that the attack vector is network‑based and could be triggered by sending specially crafted GSS‑TSIG queries, though this inference is based solely on the nature of GSS‑TSIG traffic and not directly stated in the advisory.

Generated by OpenCVE AI on May 21, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a newer release or patch includes a fix for concurrency and locking defects, upgrade or apply the patch.
  • Limit GSS‑TSIG query traffic to trusted clients only, using firewall or access controls to reduce potential exploitation.
  • Monitor DNS performance and error logs for anomalies such as unexpected reloads or transaction failures.



Advisories
Source: Debian DSA
ID: DSA-6284-1
Title: pdns security update
History

Thu, 21 May 2026 12:45:00 +0000

Values Added:
  • First Time appeared: Powerdns; Powerdns authoritative
  • Vendors & Products: Powerdns; Powerdns authoritative

Thu, 21 May 2026 12:15:00 +0000

Values Added:
  • Weaknesses: CWE-1345; CWE-364
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 10:15:00 +0000

Values Added:
  • Description: Concurrency and locking defects in GSS-TSIG
  • Title: Concurrency and locking defects in GSS-TSIG
  • References
  • Metrics: cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: OX

Published:

Updated: 2026-05-21T11:59:46.710Z

Reserved: 2026-04-23T11:15:21.198Z

Link: CVE-2026-42002

Vulnrichment

Updated: 2026-05-21T11:58:52.576Z

NVD

Status: Awaiting Analysis

Published: 2026-05-21T10:16:25.800

Modified: 2026-05-21T15:27:51.530

Link: CVE-2026-42002

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T13:30:11Z
