CVE-2026-33608

critical

Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html

Details

Source: Mitre, NVD

Published: 2026-04-22

Updated: 2026-04-24

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H