{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33593", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-03-23T12:57:56.813Z", "datePublished": "2026-04-22T13:48:31.103Z", "dateUpdated": "2026-04-22T14:29:07.880Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T13:48:31.103Z"}, "title": "Denial of service via crafted DNSCrypt query", "datePublic": "2026-04-21T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "Divide By Zero", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "DNSdist", "collectionURL": "https://repo.powerdns.com/", "packageName": "dnsdist", "repo": "https://github.com/PowerDNS/pdns", "modules": ["DNSCrypt"], "programFiles": ["dnscrypt.cc"], "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.13", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.</p>"}]}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Haruto Kimura (Stella)", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-369", "lang": "en", "description": "CWE-369 Divide By Zero"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T14:29:04.663683Z", "id": "CVE-2026-33593", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:29:07.880Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T14:29:04.663683Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-369", "description": "CWE-369 Divide By Zero"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T14:28:59.179Z"}}], "cna": {"title": "Denial of service via crafted DNSCrypt query", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Haruto Kimura (Stella)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["DNSCrypt"], "product": "DNSdist", "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.13", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.4", "versionType": "semver"}], "packageName": "dnsdist", "programFiles": ["dnscrypt.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-04-21T22:00:00.000Z", "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.", "supportingMedia": [{"type": "text/html", "value": "<p>A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "Divide By Zero"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T13:48:31.103Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33593", "state": "PUBLISHED", "dateUpdated": "2026-04-22T14:29:07.880Z", "dateReserved": "2026-03-23T12:57:56.813Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-04-22T13:48:31.103Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCC2DF11-EC5C-4112-90F2-C266CB65D390", "versionEndExcluding": "1.9.13", "versionStartIncluding": "1.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*", "matchCriteriaId": "29865EC6-C1A0-40F3-B0BB-7F71F9C1DCB7", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query."}], "id": "CVE-2026-33593", "lastModified": "2026-04-24T18:49:36.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary"}]}, "published": "2026-04-22T14:16:53.713", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory"], "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.9.0,1.9.13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.0.0,2.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNSdist", "source": "cna", "vendor": "PowerDNS"}, "product": "dnsdist", "vendor": "powerdns"}], "analysis": {"en": {"generated_at": "2026-04-28T08:25:06.797772+00:00", "value": {"mitigation_remediation": ["Check the PowerDNS DNSdist advisory for the latest patch version and apply the fix as soon as it is available.", "If an immediate upgrade is not feasible, consider disabling DNSCrypt support temporarily to prevent the crafted queries from reaching DNSdist.", "Monitor DNSdist logs and network traffic for abnormal crash patterns as an early warning of exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the PowerDNS DNSdist product. No specific version numbers are given in the advisory, so all currently deployed instances of DNSdist may be vulnerable until a patch is applied.", "description_and_impact": "A client can trigger a divide by zero error in DNSdist, causing the server to crash from a crafted DNSCrypt query. Based on the description, it is inferred that the crash results in a denial of service that affects the availability of the DNS service for all clients. This flaw is classified as CWE\u2011369, a divide\u2011by\u2011zero weakness.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. Based on the description, it is inferred that the exploit requires only the ability to send a crafted DNSCrypt query to the vulnerable DNSdist server, so remote attackers can trigger the crash. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability. The flaw is not listed in CISA KEV, meaning there is no confirmed exploitation data yet. Nonetheless, the high severity and the inferred remote attack vector make it a significant risk for environments that rely on DNSdist."}}}}, "created": "2026-04-22T19:00:07.813042+00:00", "updated": "2026-04-28T08:30:13.190352+00:00", "vendors": ["powerdns", "powerdns$PRODUCT$dnsdist"]}