Every CVE whose affected-product data names Powerdns Dnsdist, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2017-7557 — CVSS 8.8 (high): dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
CVE-2026-33593 — CVSS 7.5 (high): A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
CVE-2026-24029 — CVSS 6.5 (medium): When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2…
CVE-2026-33602 — CVSS 6.5 (medium): A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an…
CVE-2016-7069 — CVSS 5.9 (medium): An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When…
CVE-2018-14663 — CVSS 5.9 (medium): An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the…
CVE-2026-27853 — CVSS 5.9 (medium): An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName…
CVE-2026-24028 — CVSS 5.3 (medium): An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses…
CVE-2026-33254 — CVSS 5.3 (medium): An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to…
CVE-2026-33257 — CVSS 5.3 (medium): An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The…
CVE-2026-33260 — CVSS 5.3 (medium): An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The…
CVE-2026-33594 — CVSS 5.3 (medium): A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing…
CVE-2026-33595 — CVSS 5.3 (medium): A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some…
CVE-2026-24030 — CVSS 5.3 (medium): An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads…
CVE-2026-27854 — CVSS 4.8 (medium): An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions…
CVE-2026-33598 — CVSS 4.8 (medium): A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on…
CVE-2026-0397 — CVSS 3.1 (low): When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard…
CVE-2026-33599 — CVSS 3.1 (low): A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade…
CVE-2026-0396 — CVSS 3.1 (low): An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where…
CVE-2026-33596 — CVSS 3.1 (low): A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of…