Cyber Resilience

CVE-2026-33608

High · RCE

Published: 22 April 2026

Modified: 24 April 2026
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0038 (30.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-33608 is a high-severity Code Injection (CWE-94) vulnerability in PowerDNS Authoritative. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 30.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-33608 affects the bind backend in PowerDNS Authoritative Server. The vulnerability enables an attacker to send a notify request that adds a new secondary domain to the backend, but simultaneously updates its configuration to an invalid state. As a result, the backend fails to run upon the next restart, requiring manual intervention to repair.

A remote network attacker with no privileges or user interaction needed can exploit this vulnerability, though it demands high attack complexity. Exploitation achieves high integrity and availability impacts by corrupting the backend configuration, leading to denial of service after restart, consistent with the CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) and CWE-94.

The PowerDNS security advisory at https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html details mitigation measures and available patches.

Vulnerability details

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer being able to run on the next restart, requiring manual operation to fix it.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The vulnerability description directly describes remote unauthenticated exploitation of a public-facing application (PowerDNS) to corrupt configuration and cause denial of service on restart, mapping to T1190 (Exploit Public-Facing Application) as the attack vector and T1499.004 (Application or System Exploitation) as the resulting endpoint DoS impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33610 · Same product: PowerDNS Authoritative
CVE-2026-42001 · Same product: PowerDNS Authoritative
CVE-2026-33257 · Same product: PowerDNS Authoritative
CVE-2026-33260 · Same product: PowerDNS Authoritative
CVE-2026-27854 · Same vendor: PowerDNS
CVE-2026-24030 · Same vendor: PowerDNS
CVE-2026-33598 · Same vendor: PowerDNS
CVE-2026-33258 · Same vendor: PowerDNS
CVE-2026-24028 · Same vendor: PowerDNS
CVE-2026-33602 · Same vendor: PowerDNS

Affected Assets

powerdns
authoritative
4.9.0 — 4.9.14 · 5.0.0 — 5.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Flaw remediation directly mitigates CVE-2026-33608 by applying vendor patches that prevent invalid configuration updates from malformed notify requests.

Prevent: Information input validation checks notify requests for validity, preventing the addition of secondary domains that corrupt backend configuration.

Detect: Software, firmware, and information integrity monitoring detects unauthorized changes to backend configuration files caused by exploited notify requests.
