PowerDNS Recursor Resource Exhaustion and Cache Poisoning Vulnerability via Crafted Zones and CNAME Chains

Vulnerability

A vulnerability has been identified in PowerDNS Recursor: crafted zones can lead to increased resource usage, and manipulated CNAME chains can cause cache poisoning. The issue affects PowerDNS Recursor versions prior to 5.1.10, 5.2.8, and 5.3.5.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing increased memory usage and network traffic.

Remediation

Users are advised to upgrade to PowerDNS Recursor versions 5.1.10, 5.2.8, or 5.3.5.
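
A branch-aware check of installed versions against the fixed releases named above, as an added example that is not part of the original advisory or of PowerDNS's own tooling. The host names and version strings are constructed, and treating branches older than 5.1 as affected (the advisory lists no fixed release for them) is an assumption.

```python
import re

# Fixed patch level per release branch, taken from the advisory text.
FIXED = {(5, 1): 10, (5, 2): 8, (5, 3): 5}
OLDEST_BRANCH = min(FIXED)

# x.y.z with an optional pre-release tag such as -rc1 or ~beta2.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([-~](?:alpha|beta|rc)\d*)?", re.I)


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for a Recursor version string."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    branch = (major, minor)
    if branch in FIXED:
        fixed_patch = FIXED[branch]
        # A pre-release of the fixed patch level sorts before the release itself.
        if patch < fixed_patch or (patch == fixed_patch and prerelease):
            return "affected"
        return "fixed"
    if branch < OLDEST_BRANCH:
        # Assumption: no fixed release is listed for older branches.
        return "affected"
    # Newer branches are outside what the advisory covers.
    return "unknown"


def needs_upgrade(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed inventory: host name -> version string as reported by the host.
INVENTORY = {
    "rec-a": "5.1.9",
    "rec-b": "5.2.8",
    "rec-c": "5.3.5-rc1",
    "rec-d": "4.9.5",
    "rec-e": "5.4.0",
    "rec-f": "not installed",
}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(f"{host}: {version} -> {classify(version)}")
```

Hosts classified as 'unknown' need a manual look, since the advisory says nothing about branches newer than 5.3.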

Added: Feb 9, 2026, 3:18 PM
Updated: Feb 9, 2026, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 5.0
exploitability: 7.8
remediation: 7.7
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.