PowerDNS Denial-of-Service Vulnerability Due to NSEC to NSEC3 Zone Transition

Vulnerability

A denial-of-service vulnerability has been identified in PowerDNS Recursor. The issue arises when a zone transition from NSEC to NSEC3 occurs, potentially triggering an internal inconsistency that leads to a service disruption.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, disrupting the normal operation of the PowerDNS Recursor service.

Added: Apr 22, 2026, 11:15 AM

Updated: Apr 22, 2026, 11:15 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

0.0

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

0.0

relevance

6.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerDNS Denial-of-Service Vulnerability Due to NSEC to NSEC3 Zone Transition

Vulnerability

Impact

Affected Products

PowerDNS Recursor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating