CVE-2026-33608
Published: 22 April 2026
Summary
CVE-2026-33608 is a high-severity Code Injection (CWE-94) vulnerability in PowerDNS Authoritative. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 0.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Flaw remediation directly mitigates CVE-2026-33608 by applying vendor patches that prevent invalid configuration updates from malformed notify requests.
Information input validation checks notify requests for validity, preventing the addition of secondary domains that corrupt backend configuration.
Software, firmware, and information integrity monitoring detects unauthorized changes to backend configuration files caused by exploited notify requests.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability description directly describes remote unauthenticated exploitation of a public-facing application (PowerDNS) to corrupt configuration and cause denial of service on restart, mapping to T1190 (Exploit Public-Facing Application) as the attack vector and T1499.004 (Application or System Exploitation) as the resulting endpoint DoS impact.
NVD Description
An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.
Deeper analysis (AI)
CVE-2026-33608 affects the bind backend in PowerDNS Authoritative Server. The vulnerability enables an attacker to send a notify request that adds a new secondary domain to the backend, but simultaneously updates its configuration to an invalid state. As a result, the backend fails to run upon the next restart, requiring manual intervention to repair.
A remote network attacker can exploit this vulnerability without privileges or user interaction, though exploitation demands high attack complexity. Exploitation achieves high integrity and availability impacts by corrupting the backend configuration, leading to denial of service after restart, consistent with the CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) and CWE-94.
The PowerDNS security advisory at https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html details mitigation measures and available patches.
Details
- CWE(s)