CVE-2026-40208 PUBLISHED

Denial of service via DoH3 queries

Assigner: OX
Reserved: 10.04.2026 Published: 25.06.2026 Updated: 25.06.2026

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 3.7

Product Status

Vendor PowerDNS
Product DNSdist
Versions Default: unaffected
  • affected from 1.9.0 to 1.9.15 (excl.)
  • affected from 2.0.0 to 2.0.7 (excl.)

Credits

  • ylwango613 finder

References

Problem Types

  • Incorrect Control Flow Scoping CWE