CVE-2026-24029

Source
https://cve.org/CVERecord?id=CVE-2026-24029
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24029.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24029
Downstream
Related
Published
2026-03-31T11:59:12.903Z
Modified
2026-07-15T17:43:40.238133Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
DNS over HTTPS ACL bypass
Details

When the earlyacldrop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.

Database specific
{
    "cna_assigner": "OX",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24029.json"
}
References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:powerdns:dnsdist:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.12"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.3"
        }
    ]
}

Affected versions

dnsdist-1.*
dnsdist-1.9.0
dnsdist-1.9.1
dnsdist-1.9.10
dnsdist-1.9.11
dnsdist-1.9.2
dnsdist-1.9.3
dnsdist-1.9.4
dnsdist-1.9.5
dnsdist-1.9.6
dnsdist-1.9.7
dnsdist-1.9.8
dnsdist-1.9.9
dnsdist-2.*
dnsdist-2.0.0
dnsdist-2.0.1
dnsdist-2.0.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24029.json"
vanir_signatures
[
    {
        "id": "CVE-2026-24029-04a7e606",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/0189ba2d45e4089e96ac7cf20107b53c3d950c18",
        "deprecated": false,
        "digest": {
            "function_hash": "115917283687646797612152934500653991308",
            "length": 712.0
        },
        "target": {
            "function": "commit",
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-10fe9dd5",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/0189ba2d45e4089e96ac7cf20107b53c3d950c18",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "229422370193932003736801629782059731737",
                "155625244500594211228213399035438633931",
                "313569620401429196486420475929070083207",
                "262258081556750556752660325064154936830",
                "261524607193109820774511788789970753689",
                "224840026474672431780764172292318789401",
                "94722396775248696455080602786021695775",
                "67953038825452036287080585929861101364",
                "247245278680653474551016411281209915320",
                "49390244183205679453306064279324161998",
                "187526076509470891027456789414293794277",
                "179667263154874884913069248495285189953"
            ]
        },
        "target": {
            "file": "pdns/dnswriter.hh"
        }
    },
    {
        "id": "CVE-2026-24029-17fd9a31",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/0189ba2d45e4089e96ac7cf20107b53c3d950c18",
        "deprecated": false,
        "digest": {
            "function_hash": "304230221040377212026235390390096623365",
            "length": 579.0
        },
        "target": {
            "function": "startRecord",
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-312fcb05",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "deprecated": false,
        "digest": {
            "function_hash": "293287316270370560739180217123376195271",
            "length": 765.0
        },
        "target": {
            "function": "GenericDNSPacketWriter",
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-473c84d8",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/0189ba2d45e4089e96ac7cf20107b53c3d950c18",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "183421043140044496279349400231575759107",
                "251349920308246295978104801648023069450",
                "28642635541625691804083042581152612984",
                "224915214060203534132278242706412854865",
                "98839766232337312511836861524690368092",
                "126645698171526315900414052326775541111",
                "49394186405097400081296927075964031972",
                "142730675826428073799885595095608959080",
                "69193003306794942760983145403495782519",
                "299764809593253226555141103474505857966",
                "197906401537327262348174905401665059131",
                "130038206882420215841457758935844782999",
                "50491007501642267266985313309076392765",
                "138671939340006314878705549103569172351",
                "38296261983002678690814468639385234372",
                "74788794945422197446355928159564143255",
                "294417946066157898055004658136749549528",
                "125342687631857503977262529962524098550",
                "181649417601518024546151430303831592046",
                "149319747161839550639890973534143501061",
                "11858594431592960537250474395629773631",
                "35566537893156477073173386529361260621",
                "177918228035823124619155635413542849011",
                "286605542654169391373210982676605532839",
                "10261605748523454459972902826032563756",
                "79511176349076475420392133562053268055",
                "299535541127462875151653938347101220810",
                "55802239249377074431752627016746005568",
                "114128734507744090330089334809852234489",
                "307197940336625241552681760767839201390",
                "210830024964778104095334268316321976329",
                "126607712738306559054127559515440993987"
            ]
        },
        "target": {
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-a6e6261c",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "196750710981165019722567251179816899232",
                "143669205714038918598695895571400411566",
                "193390686121036593198491473821245491318",
                "311361033607077557922361869600726807444",
                "126645698171526315900414052326775541111",
                "49394186405097400081296927075964031972",
                "142730675826428073799885595095608959080",
                "69193003306794942760983145403495782519",
                "299764809593253226555141103474505857966",
                "197906401537327262348174905401665059131",
                "130038206882420215841457758935844782999",
                "50491007501642267266985313309076392765",
                "138671939340006314878705549103569172351",
                "38296261983002678690814468639385234372",
                "74788794945422197446355928159564143255",
                "294417946066157898055004658136749549528",
                "125342687631857503977262529962524098550",
                "181649417601518024546151430303831592046",
                "149319747161839550639890973534143501061",
                "11858594431592960537250474395629773631",
                "35566537893156477073173386529361260621",
                "177918228035823124619155635413542849011",
                "286605542654169391373210982676605532839",
                "10261605748523454459972902826032563756",
                "79511176349076475420392133562053268055",
                "299535541127462875151653938347101220810",
                "55802239249377074431752627016746005568",
                "114128734507744090330089334809852234489",
                "307197940336625241552681760767839201390",
                "210830024964778104095334268316321976329",
                "126607712738306559054127559515440993987"
            ]
        },
        "target": {
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-a8a3535c",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "deprecated": false,
        "digest": {
            "function_hash": "115917283687646797612152934500653991308",
            "length": 712.0
        },
        "target": {
            "function": "commit",
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-ac2a4831",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/0189ba2d45e4089e96ac7cf20107b53c3d950c18",
        "deprecated": false,
        "digest": {
            "function_hash": "237923018142754339126484177472725242543",
            "length": 811.0
        },
        "target": {
            "function": "GenericDNSPacketWriter",
            "file": "pdns/dnswriter.cc"
        }
    },
    {
        "id": "CVE-2026-24029-b17ae76b",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "229422370193932003736801629782059731737",
                "155625244500594211228213399035438633931",
                "313569620401429196486420475929070083207",
                "262258081556750556752660325064154936830",
                "261524607193109820774511788789970753689",
                "224840026474672431780764172292318789401",
                "315940254261985147564291124921183973978",
                "152360280049728807497682525989562933889",
                "338093430369139786384801952396287736186",
                "335789422100191491914077385506040760206",
                "75948444701278049383198055959305260149",
                "179667263154874884913069248495285189953"
            ]
        },
        "target": {
            "file": "pdns/dnswriter.hh"
        }
    },
    {
        "id": "CVE-2026-24029-d5d6829b",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/powerdns/pdns/commit/4108ae9f5f169166dba3e7f386be570304dfa224",
        "deprecated": false,
        "digest": {
            "function_hash": "304230221040377212026235390390096623365",
            "length": 579.0
        },
        "target": {
            "function": "startRecord",
            "file": "pdns/dnswriter.cc"
        }
    }
]
vanir_signatures_modified
"2026-07-15T17:43:40Z"