PT-2026-52379 · Powerdns · Dnsdist

Haruki Oyama

Published

2026-06-25

Updated

2026-06-25

CVE-2026-40011

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-40011

Affected Products

Dnsdist

PT-2026-52379 · Powerdns · Dnsdist

CVE-2026-40011

Related Identifiers

Affected Products

References · 2