Primary

Context

PowerDNS Recursor Delegation Cache Poisoning Vulnerability

Vulnerability

Patched

A vulnerability exists in PowerDNS Recursor versions prior to and including 5.1.7, 5.2.5, and 5.3.0, allowing crafted delegations or IP fragments to poison the cached delegation information. This issue arises from insufficient validation of received delegation data, which can be exploited by an attacker spoofing packets. The vulnerability leads to cache pollution, disrupting the normal caching mechanism of the DNS resolver.

Impact

Exploitation of this vulnerability causes cache pollution, where malicious delegation information is introduced into the cache, potentially leading to incorrect DNS resolution.

Remediation

Users are advised to upgrade to PowerDNS Recursor versions 5.1.8, 5.2.6, or 5.3.1, all of which include the necessary patches to address this vulnerability.

Added: Feb 9, 2026, 3:27 PM

Updated: Feb 9, 2026, 4:13 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.6

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.6

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerDNS Recursor Delegation Cache Poisoning Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PowerDNS Recursor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating