Description
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
Published: 2026-04-26
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: DNS Traffic Amplification
Action: Apply Patch
AI Analysis

Impact

A weakness in Technitium DNS Server permits DNS traffic amplification by exploiting cyclic name server delegation loops. The flaw enables an attacker to send specially crafted queries that trigger a chain of recursive delegations, producing excessive DNS responses that can overwhelm the network. Classified as CWE-684, an application‑logic weakness, the vulnerability leads to improper handling of DNS delegation paths and can create denial‑of‑service conditions.

Affected Systems

Technitium DNS Server versions earlier than 15.0 are affected. Any installation that has not been upgraded to 15.0 or newer is susceptible.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity, while the EPSS score of less than 1 % suggests that exploitation is currently unlikely. The likely attack vector is network‑based; based on the description, it is inferred that an external actor can send crafted DNS requests that trigger the amplification loop, potentially overwhelming the target with traffic. No local privileges or authentication are required.

Generated by OpenCVE AI on April 28, 2026 at 13:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Technitium DNS Server to version 15.0 or later.
  • Apply firewall or IDS rules to limit or filter DNS amplification traffic, such as restricting query sizes or rate‑limiting DNS responses.
  • Configure the DNS server to prevent cyclic delegation by enforcing a maximum delegation depth or disabling recursive lookups for untrusted zones.

Generated by OpenCVE AI on April 28, 2026 at 13:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title DNS Amplification via Cyclic Name Server Delegation

Mon, 27 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 04:15:00 +0000

Type Values Removed Values Added
Description Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
First Time appeared Technitium
Technitium dnsserver
Weaknesses CWE-684
CPEs cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*
Vendors & Products Technitium
Technitium dnsserver
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L'}

Subscriptions

Technitium Dnsserver
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-27T13:31:57.425Z

Reserved: 2026-04-26T02:48:44.278Z

Link: CVE-2026-42255

cve-icon Vulnrichment

Updated: 2026-04-27T13:20:28.762Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-26T04:16:05.787

Modified: 2026-04-29T18:54:59.530

Link: CVE-2026-42255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses