CVE-2026-33608

⚠️ high

Summary

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

CVSS Score

7.4

High

EPSS Score

0.0

Exploit Probability

Published Date

2026-04-22

First Seen: 2026-04-27

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 57.0% of all 328,009 vulnerabilities in our database.

#141,114

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Apr 22, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Vitaly Simonovich

SSVC data provided by CISA

Last Modified 2026-04-24

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE IDs (Weakness Types)

CWE-94

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
powerdns	authoritative	Affected	> 4.9.0 < 4.9.14
powerdns	authoritative	Affected	> 5.0.0 < 5.0.4

🔗 References 1

https://docs.powerdns.com/authoritative/security-adv...

Broken Link Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	Summary	Published
CVE-2026-41999	🔶 medium	4.8	Incorrect Behaviour of Views with TCP PROXY Requests	2026-05-21
CVE-2026-42000	🔶 medium	6.8	Insufficient Validation of Names During AXFR	2026-05-21
CVE-2026-42001	⚠️ high	7.5	Insufficient Validation of Autoprimary SOA Queries	2026-05-21
CVE-2026-42002	🔶 medium	5.9	Concurrency and locking defects in GSS-TSIG	2026-05-21
CVE-2026-42396	🔶 medium	4.9	Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail	2026-05-21
CVE-2026-33609	🔶 medium	5.3	Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domai...	2026-04-22

These CVEs affect the same products