CVE-2026-0398Allocation of Resources Without Limits or Throttling in Recursor

CWE-770Allocation of Resources Without Limits or Throttling6 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 99.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Powerdns Recursor
Timeline
PublishedFeb 9

Description

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5powerdns/recursor5.3.05.3.5+2

🔴Vulnerability Details

3
CVEList
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor2026-02-09
OSV
CVE-2026-0398: Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor2026-02-09
GHSA
GHSA-6253-fq97-5xpm: Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor2026-02-09

📋Vendor Advisories

1
Debian
CVE-2026-0398: pdns-recursor - Crafted zones can lead to increased resource usage and crafted CNAME chains can ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-0398 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0398 — Powerdns Recursor vulnerability | cvebase