CVE-2026-33608

low-risk

Published 2026-04-22

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.4/10 High

NETWORK / HIGH complexity

Affected Products (1)

Authoritative

Affected Vendors

Powerdns

References (1)

Broken Link https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-po...

/ 100

low-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal