Medium severity6.5NVD Advisory· Published Apr 22, 2026· Updated May 12, 2026

CVE-2026-33611

Description

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

Affected products

PowerDNS/Authoritative
cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
Range: >=4.9.0,<4.9.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.htmlnvdBroken Link

News mentions

Bypassing On-Camera Age-Verification Checks
Schneier on Security · May 15, 2026
How AI Hallucinations Are Creating Real Security Risks
The Hacker News · May 14, 2026
Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
Rapid7 Blog · May 8, 2026
When DNSSEC goes wrong: how we responded to the .de TLD outage
Cloudflare Blog · May 6, 2026
One in four MCP servers opens AI agent security to code execution risk
Help Net Security · May 5, 2026
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
The Register Security · May 5, 2026
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
The Register Security · May 5, 2026
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
Dark Reading · May 4, 2026
Yet another experiment proves it's too damn simple to poison large language models
The Register Security · Apr 29, 2026
Redirects for AI Training enforces canonical content
Cloudflare Blog · Apr 17, 2026
AI Threat Landscape Digest January-February 2026
Check Point Research · Mar 29, 2026

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000