Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Recursor — Vulnerabilities & Security Advisories 25

All 25 CVE vulnerabilities found in Recursor, with AI-generated Chinese analysis, references, and POCs.

This page documents known vulnerabilities for the Recursor, a recursive DNS server, categorized by Common Weakness Enumerations and associated tags. The content aggregates security issues ranging from critical remote code execution flaws to minor information disclosure bugs, covering the period from the product's initial release through current updates. Users can utilize this resource to track vendor advisories and patch releases, gain a deeper understanding of specific weakness classes affecting DNS infrastructure, or look up a complete history of vulnerabilities associated with this particular product version. The aggregation aims to provide a centralized view of the security landscape for Recursor, allowing administrators and security researchers to assess risk exposure without navigating multiple disparate sources. By consolidating data from various reporting channels, the page facilitates better situational awareness and informed decision-making regarding system hardening and remediation strategies. This approach supports compliance audits and incident response planning by presenting a chronological and categorized record of security defects. The information presented is intended for technical audiences who require precise details on affected versions, severity ratings, and available fixes. It does not cover theoretical vulnerabilities or those that have not been confirmed by the vendor. The scope is strictly limited to publicly disclosed and verified issues relevant to the Recursor software component. This ensures that the data remains actionable and reliable for enterprise security operations and individual system administrators managing DNS resolution infrastructure.

Vendor: PowerDNS

CVE IDTitleCVSSSeverityPublished
CVE-2026-42389 Reject more queries with invalid header values 5.3 Medium2026-06-25
CVE-2026-52690 Spoofed answers can mark an authoritative non-EDNS capable 5.9 Medium2026-06-25
CVE-2026-42390 ZONEMD validation can be bypassed 5.3 Medium2026-06-25
CVE-2026-42388 Missing input validation for catalog zones 5.9 Medium2026-06-25
CVE-2026-42387 Insufficient input validation in ZoneToCache 5.9 Medium2026-06-25
CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS 5.3 Medium2026-06-25
CVE-2026-33612 ZoneToCache can poison the cache 7.5 High2026-06-25
CVE-2026-33262 Insufficient validation of cookie reply 5.9 Medium2026-04-22
CVE-2026-33261 Null pointer accces in aggressive NSEC(3) cache 5.9 Medium2026-04-22
CVE-2026-33259 Concurrent modification of RPZ data can lead to denial of servce 5.0 Medium2026-04-22
CVE-2026-33258 Crafted zones can cause increased resource usage 5.3 Medium2026-04-22
CVE-2026-33256 Unbounded memory allocation by internal web server 5.3 Medium2026-04-22
CVE-2026-33601 Insufficient validation of zonemd record 4.4 Medium2026-04-22
CVE-2026-33600 Null pointer dereference in RPZ transfer 4.4 Medium2026-04-22
CVE-2025-59024 Crafted delegations or IP fragments can poison cached delegations in Recursor 6.5 Medium2026-02-09
CVE-2025-59023 Crafted delegations or IP fragments can poison cached delegations in Recursor 8.2 High2026-02-09
CVE-2026-24027 Crafted zones can lead to increased incoming network traffic 5.3 Medium2026-02-09
CVE-2026-0398 Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor 5.3 Medium2026-02-09
CVE-2025-59029 Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor CWE-617 5.3 Medium2025-12-09
CVE-2025-59030 Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor CWE-276 7.5 High2025-12-09
CVE-2025-30192 A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts CWE-345 7.5 High2025-07-21
CVE-2025-30195 A crafted zone can lead to an illegal memory access in the PowerDNS Recursor CWE-476 7.5 High2025-04-07
CVE-2024-25590 Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor CWE-20 7.5 High2024-10-03
CVE-2024-25583 Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured CWE-20 7.5 High2024-04-25
CVE-2023-26437 Deterred spoofing attempts can lead to authoritative servers being marked unavailable 3.4 Low2023-04-04

All 25 known CVE vulnerabilities affecting Recursor with full Chinese analysis, references, and POCs where available.