CVE-2026-42001

⚠️ high

🔍 Scan for this CVE

Insufficient Validation of Autoprimary SOA Queries

CVSS Score

7.5

High

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-21

First Seen: 2026-05-22

This CVE is Moderate Risk - more severe than 69.0% of all 327,035 vulnerabilities in our database.

#101,449

Above average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

lazarux0x1337

SSVC data provided by CISA

Last Modified 2026-05-26

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-400

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
powerdns	authoritative	Affected	> 4.1.0 < 4.9.15
powerdns	authoritative	Affected	> 5.0.0 < 5.0.5

Broken Link

CVE ID	Severity	CVSS	Summary	Published
CVE-2026-41999	🔶 medium	4.8	Incorrect Behaviour of Views with TCP PROXY Requests	2026-05-21
CVE-2026-42000	🔶 medium	6.8	Insufficient Validation of Names During AXFR	2026-05-21
CVE-2026-42002	🔶 medium	5.9	Concurrency and locking defects in GSS-TSIG	2026-05-21
CVE-2026-42396	🔶 medium	4.9	Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail	2026-05-21
CVE-2026-33608	⚠️ high	7.4	An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes sai...	2026-04-22
CVE-2026-33609	🔶 medium	5.3	Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domai...	2026-04-22

These CVEs affect the same products