3.7
CVE-2026-40011
- EPSS 0.16%
- Veröffentlicht 25.06.2026 12:22:19
- Zuletzt bearbeitet 25.06.2026 16:00:30
- Quelle security@open-xchange.com
- CVE-Watchlists
- Unerledigt
Prometheus denial of service via crafted DNS queries
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPowerDNS
≫
Produkt
DNSdist
Default Statusunaffected
Version
1.9.0
Version <
1.9.15
Status
affected
Version
2.0.0
Version <
2.0.7
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.054 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@open-xchange.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html