CVE-2026-45557 PUBLISHED

Technitium DNS Server excessive DNSSEC requests

Assigner: cisa-cg
Reserved: 12.05.2026 Published: 19.05.2026 Updated: 19.05.2026

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
CVSS Score: 6.9

Product Status

Vendor: Technitium
Product: DNS Server
Versions (default: unknown):
  • affected from 0 to 15.0 (excl.)
  • Version 15.0 is unaffected

Credits

  • Shuhan Zhang, Tsinghua University
  • Dan Li, Tsinghua University
  • Baojun Liu, Tsinghua University

Problem Types

  • CWE-405 Asymmetric Resource Consumption (Amplification)
  • CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
  • CWE-770 Allocation of Resources Without Limits or Throttling