Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-42387— Insufficient input validation in ZoneToCache

CVSS 5.9 · Medium EPSS 0.40% · P32

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 3

VendorProductVersion RangeStatus
PowerDNSRecursor5.2.0< 5.2.11affected
5.3.0< 5.3.8affected
5.4.0< 5.4.3affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-42387

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Insufficient input validation in ZoneToCache
Source: NVD (National Vulnerability Database)
Vulnerability Description
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PowerDNS Recursor 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PowerDNS recursor是PowerDNS公司开源的一款域名系统递归解析器。 PowerDNS Recursor 5.2.0之前版本、5.3.0之前版本和5.4.0之前版本存在输入验证错误漏洞,该漏洞源于输入验证不足,可能导致恶意权威服务器通过ZoneToCache函数发送特制区域,从而造成崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
PowerDNSRecursor 5.2.0 ~ 5.2.11 -

II. Public POCs for CVE-2026-42387

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-42387

登录查看更多情报信息。

Vendor Advisories for CVE-2026-42387 (1)

Same Patch Batch · PowerDNS · 2026-06-25 · 14 CVEs total

CVE-2026-336127.5 HIGHZoneToCache can poison the cache
CVE-2026-423885.9 MEDIUMMissing input validation for catalog zones
CVE-2026-526905.9 MEDIUMSpoofed answers can mark an authoritative non-EDNS capable
CVE-2026-423905.3 MEDIUMZONEMD validation can be bypassed
CVE-2026-423895.3 MEDIUMReject more queries with invalid header values
CVE-2026-402095.3 MEDIUMDenial of service via IXFR queries
CVE-2026-402115.3 MEDIUMDenial of service via crafted DoH3 queries
CVE-2026-400125.3 MEDIUMInformation about ECS zero scoped answers might leak to clients that use a specific ECS
CVE-2026-402104.8 MEDIUMOut-of-bounds read in SetMacAddrAction
CVE-2026-420054.3 MEDIUMInsufficient input validation of internal web server
CVE-2026-420043.7 LOWEDNS options smuggling
CVE-2026-400113.7 LOWPrometheus denial of service via crafted DNS queries
CVE-2026-402083.7 LOWDenial of service via DoH3 queries

IV. Related Vulnerabilities

V. Comments for CVE-2026-42387

No comments yet


Leave a comment