Home

Description

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-22 | Updated 2026-04-22 | Assigner OX




MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Product status

Default status
unaffected

5.0.0 (semver) before 5.0.4
affected

4.9.0 (semver) before 4.9.14
affected

Credits

ylwango613 finder

References

docs.powerdns.com/...powerdns-advisory-powerdns-2026-05.html

cve.org (CVE-2026-33609)

nvd.nist.gov (CVE-2026-33609)

Download JSON