Primary

Context

PowerDNS Recursor Crafted Zone Traffic Increase Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in PowerDNS Recursor versions up to and including 5.1.9, 5.2.7, and 5.3.4. The issue arises from the handling of crafted zones, which can lead to increased incoming network traffic, causing a strain on resources.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, where the increased network traffic disrupts normal operations and resource availability.

Reproduction

The vulnerability can be reproduced by publishing a crafted DNS zone that is designed to generate excessive incoming network traffic when queried. This can be done by manipulating the zone data to create a higher volume of queries or responses that the server must process, thereby increasing resource usage and network load.

Remediation

Users are advised to upgrade to PowerDNS Recursor versions 5.1.10, 5.2.8, or 5.3.5, which contain the necessary patches to address this vulnerability.

Added: Feb 9, 2026, 3:18 PM

Updated: Feb 9, 2026, 4:11 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

8.1

remediation

7.7

relevance

2.6

threat

1.6

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

8.1

remediation

7.7

relevance

2.6

threat

1.6

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerDNS Recursor Crafted Zone Traffic Increase Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

PowerDNS Recursor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating