CVE-2026-33256 | THREATINT

Description

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

PUBLISHED Reserved 2026-03-18 | Published 2026-04-22 | Updated 2026-04-22 | Assigner OX

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

5.4.0 (semver) before 5.4.1

affected

5.3.0 (semver) before 5.3.6

affected

5.2.0 (semver) before 5.2.9

affected

Credits

Ap4sh - Samy Medjahed and Ethicxz - Eliott Laurie Ap4sh / Ethicxz finder

References

docs.powerdns.com/...powerdns-advisory-powerdns-2026-03.html

cve.org (CVE-2026-33256)

nvd.nist.gov (CVE-2026-33256)

Download JSON