CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.1%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html

Products affected by CVE-2026-33254

Powerdns » Dnsdist » Version: 1.9.0

cpe:2.3:a:powerdns:dnsdist:1.9.0
Powerdns » Dnsdist » Version: 1.9.1

cpe:2.3:a:powerdns:dnsdist:1.9.1
Powerdns » Dnsdist » Version: 1.9.10

cpe:2.3:a:powerdns:dnsdist:1.9.10
Powerdns » Dnsdist » Version: 1.9.11

cpe:2.3:a:powerdns:dnsdist:1.9.11
Powerdns » Dnsdist » Version: 1.9.12

cpe:2.3:a:powerdns:dnsdist:1.9.12
Powerdns » Dnsdist » Version: 1.9.2

cpe:2.3:a:powerdns:dnsdist:1.9.2
Powerdns » Dnsdist » Version: 1.9.3

cpe:2.3:a:powerdns:dnsdist:1.9.3
Powerdns » Dnsdist » Version: 1.9.4

cpe:2.3:a:powerdns:dnsdist:1.9.4
Powerdns » Dnsdist » Version: 1.9.5

cpe:2.3:a:powerdns:dnsdist:1.9.5
Powerdns » Dnsdist » Version: 1.9.6

cpe:2.3:a:powerdns:dnsdist:1.9.6
Powerdns » Dnsdist » Version: 1.9.7

cpe:2.3:a:powerdns:dnsdist:1.9.7
Powerdns » Dnsdist » Version: 1.9.8

cpe:2.3:a:powerdns:dnsdist:1.9.8
Powerdns » Dnsdist » Version: 1.9.9

cpe:2.3:a:powerdns:dnsdist:1.9.9
Powerdns » Dnsdist » Version: 2.0.0

cpe:2.3:a:powerdns:dnsdist:2.0.0
Powerdns » Dnsdist » Version: 2.0.1

cpe:2.3:a:powerdns:dnsdist:2.0.1
Powerdns » Dnsdist » Version: 2.0.2

cpe:2.3:a:powerdns:dnsdist:2.0.2
Powerdns » Dnsdist » Version: 2.0.3

cpe:2.3:a:powerdns:dnsdist:2.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33254

Products

Pricing

Contact Us