CVE-2026-40208

Source
https://cve.org/CVERecord?id=CVE-2026-40208
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40208.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40208
Downstream
Published
2026-06-25T12:22:42.722Z
Modified
2026-07-15T01:49:12.918174165Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Denial of service via DoH3 queries
Details

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

Database specific
{
    "cna_assigner": "OX",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40208.json"
}
References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.15"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.7"
        }
    ]
}

Affected versions

dnsdist-1.*
dnsdist-1.9.0
dnsdist-1.9.1
dnsdist-1.9.10
dnsdist-1.9.11
dnsdist-1.9.14
dnsdist-1.9.2
dnsdist-1.9.3
dnsdist-1.9.4
dnsdist-1.9.5
dnsdist-1.9.6
dnsdist-1.9.7
dnsdist-1.9.8
dnsdist-1.9.9
dnsdist-2.*
dnsdist-2.0.0
dnsdist-2.0.1
dnsdist-2.0.2
dnsdist-2.0.5
dnsdist-2.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40208.json"