CVE-2026-42254 | THREATINT

Description

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.

PUBLISHED Reserved 2026-04-26 | Published 2026-04-26 | Updated 2026-04-26 | Assigner mitre

MEDIUM: 4.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-706 Use of Incorrectly-Resolved Name or Reference

Product status

Default status

unaffected

0.1 (custom) before 0.26

affected

References

github.com/...ry-dns/security/advisories/GHSA-83hf-93m4-rgwq

cve.org (CVE-2026-42254)

nvd.nist.gov (CVE-2026-42254)

Download JSON