Zero Day MonitorZDM

← Back to list

5.9

CVE-2026-27853EXPLOITEDPATCHED

powerdns · dnsdist

Out-of-bounds write when rewriting large DNS packets

Description

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.

Affected Products

Vendor	Product	Versions
powerdns	dnsdist	1.9.0, 2.0.0

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

Related News (2 articles)

Tier C

VulDB7h ago

CVE-2026-27853 | PowerDNS DNSdist up to 1.9.11/2.0.2 out-of-bounds write

→ No new info (linked only)

Tier B

BSI Advisories8h ago

[NEU] [hoch] PowerDNS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.15.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available1.9.12, 2.0.3

PublishedMar 31, 2026

Last enriched6h agov2

Tags

CVE-2026-27853

Trending Score53

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-24028EXP

Out-of-bounds read when parsing DNS packets via Lua

MEDIUMCVE-2026-24029EXP

DNS over HTTPS ACL bypass

MEDIUMCVE-2026-24030

Unbounded memory allocation for DoQ and DoH3

LOWCVE-2026-0396

HTML injection in the web dashboard

MEDIUMCVE-2026-27854

Use after free when parsing EDNS options in Lua

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Discovered by ZDM

Mar 31, 2026

Updated: severity, affectedVersions, activelyExploited, cweIds, tags

Mar 31, 2026

Actively Exploited

Mar 31, 2026

Patch Available

Mar 31, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL, added affected version 2.0.2, and noted that the exploit is not available.

severityaffectedVersionsactivelyExploitedcweIdstags

via VulDB

v17h ago

Initial creation