PT-2026-52384 · Powerdns · Dnsdist

Vitaly Simonovich

Published

2026-06-25

Updated

2026-06-25

CVE-2026-42004

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-42004

Affected Products

Dnsdist

PT-2026-52384 · Powerdns · Dnsdist

CVE-2026-42004

Related Identifiers

Affected Products

References · 2