VYPR

Dnsdist

by PowerDNS

CVEs (25)

  • CVE-2026-33599LowApr 22, 2026
    risk 0.20cvss 3.1epss 0.00

    A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.

  • CVE-2026-33596LowApr 22, 2026
    risk 0.20cvss 3.1epss 0.00

    A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.

  • CVE-2026-0397LowMar 31, 2026
    risk 0.20cvss 3.1epss 0.00

    When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is…

  • CVE-2026-0396LowMar 31, 2026
    risk 0.20cvss 3.1epss 0.00

    An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

  • CVE-2018-14663Nov 26, 2018
    risk 0.00cvss epss 0.02

    An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled…

Page 2 of 2