Recursor — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in Recursor, with AI-generated Chinese analysis, references, and POCs.

Vendor: PowerDNS

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33262 | Insufficient validation of cookie reply | 5.9 | Medium | 2026-04-22 |
| CVE-2026-33261 | Null pointer access in aggressive NSEC(3) cache | 5.9 | Medium | 2026-04-22 |
| CVE-2026-33259 | Concurrent modification of RPZ data can lead to denial of service | 5.0 | Medium | 2026-04-22 |
| CVE-2026-33258 | Crafted zones can cause increased resource usage | 5.3 | Medium | 2026-04-22 |
| CVE-2026-33256 | Unbounded memory allocation by internal web server | 5.3 | Medium | 2026-04-22 |
| CVE-2026-33601 | Insufficient validation of zonemd record | 4.4 | Medium | 2026-04-22 |
| CVE-2026-33600 | Null pointer dereference in RPZ transfer | 4.4 | Medium | 2026-04-22 |
| CVE-2025-59024 | Crafted delegations or IP fragments can poison cached delegations in Recursor | 6.5 | Medium | 2026-02-09 |
| CVE-2025-59023 | Crafted delegations or IP fragments can poison cached delegations in Recursor | 8.2 | High | 2026-02-09 |
| CVE-2026-24027 | Crafted zones can lead to increased incoming network traffic | 5.3 | Medium | 2026-02-09 |
| CVE-2026-0398 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor | 5.3 | Medium | 2026-02-09 |
| CVE-2025-59029 | Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor (CWE-617) | 5.3 | Medium | 2025-12-09 |
| CVE-2025-59030 | Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor (CWE-276) | 7.5 | High | 2025-12-09 |
| CVE-2025-30192 | A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts (CWE-345) | 7.5 | High | 2025-07-21 |
| CVE-2025-30195 | A crafted zone can lead to an illegal memory access in the PowerDNS Recursor (CWE-476) | 7.5 | High | 2025-04-07 |
| CVE-2024-25590 | Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor (CWE-20) | 7.5 | High | 2024-10-03 |
| CVE-2024-25583 | Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured (CWE-20) | 7.5 | High | 2024-04-25 |
| CVE-2023-26437 | Deterred spoofing attempts can lead to authoritative servers being marked unavailable | 3.4 | Low | 2023-04-04 |

All 18 known CVE vulnerabilities affecting Recursor with full Chinese analysis, references, and POCs where available.