A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33596.json",
"cna_assigner": "OX"
}[
{
"source": "https://github.com/powerdns/pdns/commit/642a2bb5b67b2bf5c856819273d8f41fecbc0da8",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"152898936404715912717012814958473792269",
"4575082192570469972237185990035341899",
"177678008705605303260633753884530753700",
"136680451824217662945478382805808332729",
"204969285221527224213910579710674063651",
"66014210593085438182573307698386496097",
"17525951591113452044796585153110335921"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-33596-2829cf85",
"target": {
"file": "pdns/dnscrypt.cc"
}
},
{
"source": "https://github.com/powerdns/pdns/commit/642a2bb5b67b2bf5c856819273d8f41fecbc0da8",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "172078194597412758162700597563448847475",
"length": 706.0
},
"deprecated": false,
"id": "CVE-2026-33596-4b79aae9",
"target": {
"function": "DNSCryptQuery::computePaddingSize",
"file": "pdns/dnscrypt.cc"
}
},
{
"source": "https://github.com/powerdns/pdns/commit/642a2bb5b67b2bf5c856819273d8f41fecbc0da8",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "219139187612696838153193600735147256736",
"length": 3007.0
},
"deprecated": false,
"id": "CVE-2026-33596-b8fc9376",
"target": {
"function": "DNSCryptQuery::encryptResponse",
"file": "pdns/dnscrypt.cc"
}
},
{
"source": "https://github.com/powerdns/pdns/commit/bfd0cbf4bf5c1f8757d0cd94c86ea88caf7b2f6d",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"6864841829016440226917919286801415092",
"177254253808237988567579585374243740684",
"281318965586644528261302210434407655020",
"236182772979616684272007619339406923158",
"321739554045469880473225520600194266713",
"204969285221527224213910579710674063651",
"66014210593085438182573307698386496097",
"17525951591113452044796585153110335921"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-33596-d901a0a8",
"target": {
"file": "pdns/dnsdistdist/dnscrypt.cc"
}
},
{
"source": "https://github.com/powerdns/pdns/commit/bfd0cbf4bf5c1f8757d0cd94c86ea88caf7b2f6d",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "276771802078087666188325581091504637136",
"length": 839.0
},
"deprecated": false,
"id": "CVE-2026-33596-e809c528",
"target": {
"function": "DNSCryptQuery::computePaddingSize",
"file": "pdns/dnsdistdist/dnscrypt.cc"
}
},
{
"source": "https://github.com/powerdns/pdns/commit/bfd0cbf4bf5c1f8757d0cd94c86ea88caf7b2f6d",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "259782563136530440917701746095514260405",
"length": 3491.0
},
"deprecated": false,
"id": "CVE-2026-33596-f8ee4cee",
"target": {
"function": "DNSCryptQuery::encryptResponse",
"file": "pdns/dnsdistdist/dnscrypt.cc"
}
}
]
"2026-07-15T19:09:26Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33596.json"