CVE-2026-27854 Powerdns — Exploit & Vulnerability Details MEDIUM

CVE-2026-27854

MEDIUM CVSS 3.1: 4.8 EPSS 0.01%

Parameter	Value
CVSS	4.8 (MEDIUM)
Type	CWE-416 (Use After Free)
Vendor	Powerdns
Public PoC	No

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-416 Use After Free

Vulnerable Products

powerdns:dnsdist

References 1

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-…

security@open-xchange.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27853

Powerdns

5.9

CVE-2026-24030

Powerdns

5.3

CVE-2026-24029

Powerdns

6.5

CVE-2026-24028

Powerdns

5.3

CVE-2026-0397

Powerdns

3.1

Menu

CVE-2026-27854

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-27853

CVE-2026-24030

CVE-2026-24029

CVE-2026-24028

CVE-2026-0397

CVE Details

Editor's Choice

Menu

CVE-2026-27854

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-27853

CVE-2026-24030

CVE-2026-24029

CVE-2026-24028

CVE-2026-0397

CVE Details

Editor's Choice

Stay informed on cybersecurity