CVE-2026-0398 PUBLISHED

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor

Assigner: OX
Reserved: 28.11.2025 Published: 09.02.2026 Updated: 09.02.2026

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 5.3

Product Status

Vendor PowerDNS
Product Recursor
Versions Default: unaffected
  • affected from 5.3.0 to 5.3.5 (excl.)
  • affected from 5.2.0 to 5.2.8 (excl.)
  • affected from 5.1.0 to 5.1.10 (excl.)

Credits

  • Yufan You from Tsinghua University finder
  • TaoFei Guo from Peking University finder
  • Yang Luo from Tsinghua University finder
  • JianJun Chen from Tsinghua University finder

References

Problem Types

  • Allocation of Resources Without Limits or Throttling CWE