CVE-2026-24027
Published 2026-02-09
CVE-2026-24027: Crafted zones can lead to increased incoming network traffic.
Priority P4 · 29 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.40% (31.4th percentile)
Crafted zones can lead to increased incoming network traffic.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns-recursor | < pdns-recursor 5.3.5-1 (forky) | pdns-recursor 5.3.5-1 (forky) |
| powerdns | recursor | >= 5.1.0 < 5.1.10 | 5.1.10 |
| powerdns | recursor | >= 5.2.0 < 5.2.8 | 5.2.8 |
| powerdns | recursor | >= 5.3.0 < 5.3.5 | 5.3.5 |
CVSS provenance
nvd · v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv · 5.3 · MEDIUM
vendor_debian · 5.3 · MEDIUM
GHSA
GHSA-m7h2-p2wj-5964: Crafted zones can lead to increased incoming network traffic
ghsa_unreviewed·2026-02-09
CVE-2026-24027 [MEDIUM] GHSA-m7h2-p2wj-5964: Crafted zones can lead to increased incoming network traffic
Crafted zones can lead to increased incoming network traffic.
OSV
CVE-2026-24027: Crafted zones can lead to increased incoming network traffic
osv·2026-02-09·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027: Crafted zones can lead to increased incoming network traffic
Crafted zones can lead to increased incoming network traffic.
Debian
CVE-2026-24027: pdns-recursor - Crafted zones can lead to increased incoming network traffic.
vendor_debian·2026·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027: pdns-recursor - Crafted zones can lead to increased incoming network traffic.
Crafted zones can lead to increased incoming network traffic.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 5.3.5-1)
sid: resolved (fixed in 5.3.5-1)
trixie: resolved (fixed in 5.2.8-0+deb13u1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [epel-9]
bugzilla·2026-02-09·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [epel-9]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [epel-8]
bugzilla·2026-02-09·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [epel-8]
Discussion:
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Bugzilla
CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [fedora-43]
bugzilla·2026-02-09·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [fedora-43]
Discussion:
FEDORA-2026-088b60c071 (pdns-recursor-5.4.3-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-088b60c071
Bugzilla
CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [fedora-42]
bugzilla·2026-02-09·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027 pdns-recursor: crafted zones can lead to increased incoming network traffic [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained ver
Wiz
CVE-2026-24027 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-24027 [MEDIUM] CVE-2026-24027 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24027: Linux Debian vulnerability analysis and mitigation
Crafted zones can lead to increased incoming network traffic.
Source: NVD
Score: 5.3
Published: February 9, 2026
Severity: MEDIUM
CNA Score: 5.3
Affected Technologies: Linux Debian, Linux Alpine
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 0.3
Exploitation Probability (EPSS): N/A
Affected packages and libraries: pdns-recursor
Sources
NVD
| Source | Severity | Fix status | Added at |
|---|---|---|---|
| Alpine 3.23, edge | MEDIUM | Has Fix | Feb 11, 2026 |
| Debian 11, 12 | MEDIUM | No Fix | Feb 10, 2026 |
| Debian 13, 14 | MEDIUM | Has Fix | Feb 10, 2026 |
| Echo | MEDIUM | Has Fix | Feb 10, 2026 |
Published: 2026-02-09