← back
CVE-2026-33611

Insufficient validation of HTTPS and SVCB records

CVSS 6.5 MEDIUMEPSS 0.4%CWE-190
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Affected products
PowerDNS · Authoritative

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html