CVE-2026-42004 - Vulnerability Details - OpenCVE

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

History

Thu, 25 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-115
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 25 Jun 2026 13:00:00 +0000

Type	Values Removed	Values Added
Description		An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.
Title		EDNS options smuggling
References		https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html
Metrics		cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: OX

Published: 2026-06-25T12:24:20.140Z

Updated: 2026-06-25T13:44:07.962Z

Reserved: 2026-04-23T11:15:21.198Z

Link: CVE-2026-42004

Vulnrichment

Updated: 2026-06-25T13:43:59.267Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-42004", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-04-23T11:15:21.198Z", "datePublished": "2026-06-25T12:24:20.140Z", "dateUpdated": "2026-06-25T13:44:07.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-06-25T12:24:20.140Z"}, "title": "EDNS options smuggling", "datePublic": "2026-06-24T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "Misinterpretation of Input", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "DNSdist", "collectionURL": "https://repo.powerdns.com/", "packageName": "dnsdist", "repo": "https://github.com/PowerDNS/pdns", "modules": ["EDNS processing"], "programFiles": ["dnsdist-ecs.cc"], "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.15", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist\u2019s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist\u2019s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.</p>"}]}], "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Vitaly Simonovich", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-115", "lang": "en", "description": "CWE-115 Misinterpretation of Input"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T13:44:02.980438Z", "id": "CVE-2026-42004", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T13:44:07.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-42004", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T13:44:02.980438Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-115", "description": "CWE-115 Misinterpretation of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T13:43:59.267Z"}}], "cna": {"title": "EDNS options smuggling", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Vitaly Simonovich"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["EDNS processing"], "product": "DNSdist", "versions": [{"status": "affected", "version": "1.9.0", "lessThan": "1.9.15", "versionType": "semver"}, {"status": "affected", "version": "2.0.0", "lessThan": "2.0.7", "versionType": "semver"}], "packageName": "dnsdist", "programFiles": ["dnsdist-ecs.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-06-24T22:00:00.000Z", "references": [{"url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist\u2019s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.", "supportingMedia": [{"type": "text/html", "value": "<p>An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist\u2019s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "Misinterpretation of Input"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-06-25T12:24:20.140Z"}}}, "cveMetadata": {"cveId": "CVE-2026-42004", "state": "PUBLISHED", "dateUpdated": "2026-06-25T13:44:07.962Z", "dateReserved": "2026-04-23T11:15:21.198Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-06-25T12:24:20.140Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}