Home

Description

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0.

PUBLISHED Reserved 2026-05-12 | Published 2026-05-19 | Updated 2026-05-19 | Assigner cisa-cg




MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Problem types

CWE-405 Asymmetric Resource Consumption (Amplification)

CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status
unknown

Any version before 15.0
affected

15.0
unaffected

Credits

Shuhan Zhang, Tsinghua University

Dan Li, Tsinghua University

Baojun Liu, Tsinghua University

References

github.com/...tiumSoftware/DnsServer/blo/master/CHANGELOG.md (url) patch

raw.githubusercontent.com/...IT/white/2025/va-26-138-02.json (url)

www.cve.org/CVERecord?id=CVE-2026-45557 (url)

cve.org (CVE-2026-45557)

nvd.nist.gov (CVE-2026-45557)

Download JSON