VYPR
Medium severity5.3NVD Advisory· Published Apr 22, 2026· Updated Apr 27, 2026

CVE-2026-33257

CVE-2026-33257

Description

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*range: >=4.9.0,<4.9.14
    • (no CPE)
  • PowerDNS/Dnsdist2 versions
    cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*range: >=1.9.0,<1.9.13
    • (no CPE)
  • PowerDNS/Recursor3 versions
    cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*range: >=5.2.0,<5.2.9
    • cpe:2.3:a:powerdns:recursor:5.4.0:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.