
powerdns dnsdist

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33602
>= 1.9.0 and < 1.9.13
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an
6.5 MEDIUM
CVE-2026-33599
>= 1.9.0 and < 1.9.13
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the aut
3.1 LOW
CVE-2026-33598
>= 1.9.0 and < 1.9.13
A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDom
4.8 MEDIUM
CVE-2026-33597
>= 1.9.0 and < 1.9.13
PRSD detection denial of service
3.7 LOW
CVE-2026-33596
>= 1.9.0 and < 1.9.13
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a
3.1 LOW
CVE-2026-33595
>= 1.9.0 and < 1.9.13
A client can trigger excessive memory allocation by generating a lot of error responses over a single DoQ and DoH3 connection, as
5.3 MEDIUM
CVE-2026-33594
>= 1.9.0 and < 1.9.13
A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, caus
5.3 MEDIUM
CVE-2026-33593
>= 1.9.0 and < 1.9.13
A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
7.5 HIGH
CVE-2026-33254
>= 1.9.0 and < 1.9.13
An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and le
5.3 MEDIUM
CVE-2026-33260
>= 1.9.0 and < 1.9.13
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of serv
5.3 MEDIUM
CVE-2026-33257
>= 1.9.0 and < 1.9.13
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of serv
5.3 MEDIUM
CVE-2026-27854
>= 1.9.0 and < 1.9.12
An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOpt
4.8 MEDIUM
CVE-2026-27853
>= 1.9.0 and < 1.9.12
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:ch
5.9 MEDIUM
CVE-2026-24030
>= 1.9.0 and < 1.9.12
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 paylo
5.3 MEDIUM
CVE-2026-24029
>= 1.9.0 and < 1.9.12
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghtt
6.5 MEDIUM
CVE-2026-24028
>= 1.9.0 and < 1.9.12
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses new
5.3 MEDIUM
CVE-2026-0397
>= 1.9.0 and < 1.9.12
When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the da
3.1 LOW
CVE-2026-0396
>= 1.9.0 and < 1.9.12
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist insta
3.1 LOW
CVE-2018-14663
<= 1.3.2
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such t
5.9 MEDIUM
CVE-2016-7069
<= 1.2.0
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. Wh
5.9 MEDIUM
CVE-2017-7557
all versions
dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin