3.7
CVE-2026-42004
- EPSS 0.16%
- Veröffentlicht 25.06.2026 12:24:20
- Zuletzt bearbeitet 25.06.2026 15:59:47
- Quelle security@open-xchange.com
- CVE-Watchlists
- Unerledigt
EDNS options smuggling
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPowerDNS
≫
Produkt
DNSdist
Default Statusunaffected
Version
1.9.0
Version <
1.9.15
Status
affected
Version
2.0.0
Version <
2.0.7
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.057 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@open-xchange.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-115 Misinterpretation of Input
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html