CVE-2026-42004 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-42004

CVE-2026-42004

Published:June 25, 2026

Updated:June 29, 2026

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

Affected Packages

https://github.com/PowerDNS/pdns.git (GITHUB):

Affected version(s) >=dnsdist-1.9.0 <dnsdist-1.9.15

Fix Suggestion:

Update to version dnsdist-1.9.15

https://github.com/PowerDNS/pdns.git (GITHUB):

Affected version(s) >=dnsdist-2.0.0 <dnsdist-2.0.7

Fix Suggestion:

Update to version dnsdist-2.0.7

Related Resources (1)

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Misinterpretation of Input

CWE-115

EPSS

Base Score:

0.16