CVE-2026-33608 · CRITICAL 9.8 · EPSS p29.9%


Description

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but also causes that backend to update its configuration to an invalid one. The backend is then no longer able to run on the next restart, and manual operation is required to fix it.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.38% probability of exploitation · percentile 29.9% · 2026-06-19T12:03:05Z
Published: 2026-04-22
Last modified: 2026-04-24

Underlying weaknesses · 1

CWE-94

References

  1. https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html


Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') · cwe-94 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-33599
CVE-2026-33602
CVE-2026-33615
CVE-2026-42000
CVE-2026-32992
CVE-2026-23899

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.