CVE-2026-42255
Published: 26 April 2026
Summary
CVE-2026-42255 is a high-severity Incorrect Provision of Specified Functionality (CWE-684) vulnerability in Technitium DNS Server. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Reflection Amplification (T1498.002). The CVE ranks at the 13.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)) and SC-5 (Denial-of-service Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses DNS amplification via cyclic delegation in recursive resolvers by requiring validation of responses, trusted sources, and restrictions on query propagation.
- Provides protection against denial-of-service events including traffic amplification attacks like those exploiting cyclic name server delegation.
- Ensures timely flaw remediation by requiring upgrades to patched versions such as Technitium DNS Server 15.0 that fix cyclic delegation amplification.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables DNS reflection/amplification attacks for network denial of service through cyclic delegation and recursive query mishandling.
NVD Description
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
Deeper analysis
CVE-2026-42255 is a vulnerability in Technitium DNS Server versions prior to 15.0 that enables DNS traffic amplification through cyclic name server delegation, as classified under CWE-684. This flaw allows attackers to exploit improper handling of recursive DNS queries, leading to amplified responses. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L), indicating high severity due to its network accessibility, low complexity, and lack of required privileges or user interaction.
Unauthenticated attackers with network access can exploit this vulnerability remotely by crafting DNS queries that trigger cyclic delegations, causing the server to generate significantly larger response traffic than the initial query. This results in a denial-of-service condition through traffic amplification, with low impacts on integrity (such as potential query poisoning) and availability, while changing the scope to affect dependent systems.
The Technitium DNS Server changelog at https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#technitium-dns-server-change-log documents the fix in version 15.0, recommending administrators upgrade to this or later versions to mitigate the issue by preventing cyclic delegation amplification. No workarounds are specified in available references.
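The analysis above names cyclic name server delegation without showing what an operator can check for. The following is an added example, not code from Technitium or from this advisory: it audits delegation data for zones whose name servers depend on each other in a loop. The zone names, the `DELEGATIONS` layout and the rule that in-zone name servers are reached through glue are assumptions made for the illustration.

```python
# Added example: audit delegation data for cyclic name server delegation.
# Zone names are constructed; the dict layout (zone -> NS hosts) is assumed.
DELEGATIONS = {
    "alpha.example": ["ns1.beta.example", "ns2.beta.example"],
    "beta.example": ["ns1.gamma.example"],
    "gamma.example": ["ns1.alpha.example"],      # closes the loop
    "delta.example": ["ns1.delta.example", "ns2.epsilon.example"],
    "epsilon.example": ["ns1.epsilon.example"],
}

def enclosing_zone(host, zones):
    """Longest known zone that is a suffix of host, or None."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def dependency_graph(delegations):
    """Map each zone to the other zones that host its name servers."""
    zones = {z.rstrip(".").lower(): ns for z, ns in delegations.items()}
    graph = {}
    for zone, ns_hosts in zones.items():
        owners = {enclosing_zone(h, zones) for h in ns_hosts}
        # Assumption: in-zone name servers are reached via glue records.
        graph[zone] = owners - {None, zone}
    return graph

def find_cycles(delegations):
    """Return each delegation cycle once, as an ordered list of zones."""
    graph, cycles, done = dependency_graph(delegations), [], set()
    def visit(zone, path):
        if zone in path:                      # back edge: a cycle
            cycles.append(path[path.index(zone):])
            return
        if zone in done:
            return
        for dep in sorted(graph[zone]):
            visit(dep, path + [zone])
        done.add(zone)
    for zone in sorted(graph):
        visit(zone, [])
    return cycles

if __name__ == "__main__":
    for cycle in find_cycles(DELEGATIONS):
        print("cyclic delegation:", " -> ".join(cycle + cycle[:1]))
```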
Details
- CWE(s)