PowerDNS Team reports:
- CVE-2026-33257: Insufficient input validation of internal webserver
- CVE-2026-33260: Insufficient input validation of internal webserver
- CVE-2026-33608: Incomplete domain name sanitization during Bind autosecondary zone transfer
- CVE-2026-33609: LDAP DN injection
- CVE-2026-33610: Possible file descriptor exhaustion in forward-dnsupdate
- CVE-2026-33611: Insufficient validation of HTTPS and SVCB records
Thanks to the people below for reporting these vulnerabilities:
- Vitaly Simonovich
- Cavid
- Tibs
- ylwango613

- CVE-2026-42005: Insufficient input validation of internal web server
Thanks to ilya rozentsvaig for reporting this vulnerability.