{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33601", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-03-23T12:57:56.815Z", "datePublished": "2026-04-22T09:37:03.448Z", "dateUpdated": "2026-04-22T18:10:44.494Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T09:37:03.448Z"}, "title": "Insufficient validation of zonemd record", "datePublic": "2026-04-21T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "Recursor", "collectionURL": "https://repo.powerdns.com/", "packageName": "pdns-recursor", "repo": "https://github.com/PowerDNS/pdns", "modules": ["ZoneMD"], "programFiles": ["zonemd.cc"], "versions": [{"status": "affected", "version": "5.4.0", "lessThan": "5.4.1", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.6", "versionType": "semver"}, {"status": "affected", "version": "5.2.0", "lessThan": "5.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.</p>"}]}], "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "ylwango613", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:52:54.742912Z", "id": "CVE-2026-33601", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:10:44.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:52:54.742912Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T18:00:19.125Z"}}], "cna": {"title": "Insufficient validation of zonemd record", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ylwango613"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["ZoneMD"], "product": "Recursor", "versions": [{"status": "affected", "version": "5.4.0", "lessThan": "5.4.1", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.6", "versionType": "semver"}, {"status": "affected", "version": "5.2.0", "lessThan": "5.2.9", "versionType": "semver"}], "packageName": "pdns-recursor", "programFiles": ["zonemd.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-04-21T22:00:00.000Z", "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.", "supportingMedia": [{"type": "text/html", "value": "<p>If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-04-22T09:37:03.448Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33601", "state": "PUBLISHED", "dateUpdated": "2026-04-22T18:10:44.494Z", "dateReserved": "2026-03-23T12:57:56.815Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-04-22T09:37:03.448Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBDA7C62-FAD4-470C-A6FE-4CF19B0BD4AD", "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F7AC884-348F-47B1-8853-49BFEDBEA9EA", "versionEndExcluding": "5.3.6", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerdns:recursor:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B201BAD-5A74-45E9-91FD-5E950BA18BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service."}], "id": "CVE-2026-33601", "lastModified": "2026-04-27T16:58:57.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "security@open-xchange.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T10:16:52.223", "references": [{"source": "security@open-xchange.com", "tags": ["Vendor Advisory", "Broken Link"], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.4.0,5.4.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.3.0,5.3.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.2.0,5.2.9)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Recursor", "source": "cna", "vendor": "PowerDNS"}, "product": "recursor", "vendor": "powerdns"}], "analysis": {"en": {"generated_at": "2026-04-22T11:23:37.070982+00:00", "value": {"mitigation_remediation": ["Upgrade PowerDNS Recursor to the version released in the advisory that contains the security fix.", "Restrict the use of zoneToCache to trusted authoritative servers, or disable the function if it is not required for your deployment.", "Implement monitoring of Recursor crash logs and configure automatic service restarts to restore availability more rapidly."], "summary": {"action": "Apply patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This flaw affects the PowerDNS Recursor. No specific affected versions are listed in the advisory, so all releases that use the unpatched zoneToCache routine are potentially vulnerable until the vendor issues a fix.", "description_and_impact": "A missing consistency check in the zoneToCache function allows an attacker to craft a malicious zone that causes a null pointer dereference in PowerDNS Recursor, resulting in an application crash and loss of service. The vulnerability directly lowers availability and can be triggered by delivering a specially crafted zone file to a recursor that otherwise accepts external zones for resolving queries. The primary weakness is lack of proper input validation before accessing internal data structures.", "risk_and_exploitability": "The CVSS score is 4.4, indicating moderate severity. EPSS is not available, and the flaw is not yet listed in the CISA KEV catalog, showing it is not widely exploited yet. The likelihood of exploitation depends on an attacker\u2019s ability to control an authoritative server or otherwise deliver a malicious zone to the recursor. If such conditions are met, the attacker can force the recursor to crash, causing a denial of service for users querying that recursor. The risk is mitigated by upgrading once a fix is released or by restricting zone sources."}}}}, "created": "2026-04-22T11:30:15.170396+00:00", "updated": "2026-04-22T11:30:15.372290+00:00", "vendors": ["powerdns", "powerdns$PRODUCT$recursor"], "weaknesses": ["CWE-476"]}