CVE-2026-42001
PowerDNS · Authoritative
PowerDNS Authoritative is susceptible to uncontrolled resource consumption due to insufficient validation of Autoprimary SOA queries.
Executive summary
Insufficient validation of SOA queries in PowerDNS Authoritative can lead to uncontrolled resource consumption and potential denial-of-service.
Vulnerability
The vulnerability relates to improper validation of Autoprimary SOA queries, which can be leveraged to cause uncontrolled resource consumption. This flaw is remotely exploitable and does not explicitly require authentication to trigger the resource exhaustion condition.
Business impact
Successful exploitation results in uncontrolled resource consumption, which effectively acts as a Denial of Service (DoS) against the DNS service. With a CVSS score of 7.5, this vulnerability represents a significant operational risk, potentially leading to infrastructure downtime and service unavailability for dependent systems.
Remediation
Immediate Action: Upgrade to PowerDNS Authoritative versions 4.9.15 or 5.0.5 or later to resolve the validation flaw.
Proactive Monitoring: Monitor server CPU and memory utilization for anomalous spikes consistent with resource exhaustion attacks.
Compensating Controls: Utilize rate limiting on DNS queries at the network perimeter to mitigate the impact of malicious query flooding.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this issue necessitates an urgent update to the patched versions provided by PowerDNS. Administrators should prioritize patching to ensure the continued availability and integrity of their DNS infrastructure.