CVE-2026-42396

🔶 medium

🔍 Scan for this CVE

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

CVSS Score

4.9

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-21

First Seen: 2026-05-22

This CVE is Lower Risk - more severe than 14.8% of all 328,009 vulnerabilities in our database.

#279,467

Below average severity

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

ilhamaf

SSVC data provided by CISA

Last Modified 2026-05-26

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-94

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
powerdns	authoritative	Affected	> 4.7.0 < 4.9.15
powerdns	authoritative	Affected	> 5.0.0 < 5.0.5

Broken Link

CVE ID	Severity	CVSS	Summary	Published
CVE-2026-41999	🔶 medium	4.8	Incorrect Behaviour of Views with TCP PROXY Requests	2026-05-21
CVE-2026-42000	🔶 medium	6.8	Insufficient Validation of Names During AXFR	2026-05-21
CVE-2026-42001	⚠️ high	7.5	Insufficient Validation of Autoprimary SOA Queries	2026-05-21
CVE-2026-42002	🔶 medium	5.9	Concurrency and locking defects in GSS-TSIG	2026-05-21
CVE-2026-33608	⚠️ high	7.4	An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes sai...	2026-04-22
CVE-2026-33609	🔶 medium	5.3	Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domai...	2026-04-22

These CVEs affect the same products