CVE-2026-33258 MEDIUM

CVE-2026-33258: Crafted zones can cause increased resource usage

Vendor Powerdns
Product Recursor
Published April 22, 2026
Last update April 22, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 22, 2026 Record updated