CVE-2026-33611 | THREATINT

Description

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-22 | Updated 2026-04-22 | Assigner OX

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Problem types

Integer Overflow or Wraparound

Product status

Default status

unaffected

5.0.0 (semver) before 5.0.4

affected

4.9.0 (semver) before 4.9.14

affected

Credits

Tibs finder

References

docs.powerdns.com/...powerdns-advisory-powerdns-2026-05.html

cve.org (CVE-2026-33611)

nvd.nist.gov (CVE-2026-33611)

Download JSON