{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33600", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-03-23T12:57:56.814Z", "datePublished": "2026-04-22T09:33:12.052Z", "dateUpdated": "2026-04-22T18:10:52.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T09:33:12.052Z"}, "title": "Null pointer dereference in RPZ transfer", "datePublic": "2026-04-21T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "Recursor", "collectionURL": "https://repo.powerdns.com/", "packageName": "pdns-recursor", "repo": "https://github.com/PowerDNS/pdns", "modules": ["Response Policy Zone"], "programFiles": ["rpzloader.cc"], "versions": [{"status": "affected", "version": "5.4.0", "lessThan": "5.4.1", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.6", "versionType": "semver"}, {"status": "affected", "version": "5.2.0", "lessThan": "5.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.</p>"}]}], "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "ylwango613", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:52:53.538831Z", "id": "CVE-2026-33600", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:10:52.548Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33600", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-03-23T12:57:56.814Z", "datePublished": "2026-04-22T09:33:12.052Z", "dateUpdated": "2026-04-22T18:10:52.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T09:33:12.052Z"}, "title": "Null pointer dereference in RPZ transfer", "datePublic": "2026-04-21T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "Recursor", "collectionURL": "https://repo.powerdns.com/", "packageName": "pdns-recursor", "repo": "https://github.com/PowerDNS/pdns", "modules": ["Response Policy Zone"], "programFiles": ["rpzloader.cc"], "versions": [{"status": "affected", "version": "5.4.0", "lessThan": "5.4.1", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.6", "versionType": "semver"}, {"status": "affected", "version": "5.2.0", "lessThan": "5.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.</p>"}]}], "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "ylwango613", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:52:53.538831Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:59:23.349Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBDA7C62-FAD4-470C-A6FE-4CF19B0BD4AD", "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F7AC884-348F-47B1-8853-49BFEDBEA9EA", "versionEndExcluding": "5.3.6", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B201BAD-5A74-45E9-91FD-5E950BA18BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service."}], "id": "CVE-2026-33600", "lastModified": "2026-04-27T16:59:23.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T10:16:52.107", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory", "Broken Link"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.4.0,5.4.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.3.0,5.3.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.2.0,5.2.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Recursor", "source": "cna", "vendor": "PowerDNS"}, "product": "recursor", "vendor": "powerdns"}], "analysis": {"en": {"generated_at": "2026-04-22T10:50:57.502931+00:00", "value": {"mitigation_remediation": ["Upgrade PowerDNS Recursor to a patched version that includes null\u2011pointer checks for RPZ records.", "If a patch cannot be applied immediately, disable RPZ support or restrict RPZ to trusted authoritative servers only.", "Continuously monitor recursor logs for crashes or anomalous RPZ traffic and apply hardening of input validation to mitigate similar defects."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All installations of PowerDNS Recursor are vulnerable unless the software has been updated to a patched release. No specific version range is provided, so any currently deployed recursor may be impacted.", "description_and_impact": "A malicious authoritative DNS server can send a Response Policy Zone (RPZ) record that causes the PowerDNS Recursor to dereference a null pointer. The missing consistency check triggers the crash, taking the recursor process offline and denying all DNS queries that reach the affected instance.", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in CISA KEV, suggesting a lower exploitation probability. The likely attack vector is a remote DNS query sent to the recursor that contains a crafted RPZ record from an attacker-controlled authoritative server. Because the flaw results in a crash rather than data compromise, the primary consequence is downtime of the affected DNS service."}}}}, "created": "2026-04-22T10:30:14.393793+00:00", "updated": "2026-04-22T11:00:09.087789+00:00", "vendors": ["powerdns", "powerdns$PRODUCT$recursor"], "weaknesses": ["CWE-476"]}