Zero Day MonitorZDM

← Back to list

4.8

CVE-2026-27854PATCHED

powerdns · dnsdist

Use after free when parsing EDNS options in Lua

Description

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.

Affected Products

Vendor	Product	Versions
powerdns	dnsdist	1.9.0, 2.0.0

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html

Related News (2 articles)

Tier C

VulDB7h ago

CVE-2026-27854 | PowerDNS DNSdist up to 1.9.11/2.0.2 denial of service

→ No new info (linked only)

Tier B

BSI Advisories8h ago

[NEU] [hoch] PowerDNS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.14.8 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available1.9.12, 2.0.3

PublishedMar 31, 2026

Last enriched6h agov2

Tags

CVE-2026-27854

Trending Score34

Source articles2

Independent2

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-24028EXP

Out-of-bounds read when parsing DNS packets via Lua

MEDIUMCVE-2026-24029EXP

DNS over HTTPS ACL bypass

MEDIUMCVE-2026-27853EXP

Out-of-bounds write when rewriting large DNS packets

MEDIUMCVE-2026-24030

Unbounded memory allocation for DoQ and DoH3

LOWCVE-2026-0396

HTML injection in the web dashboard

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Discovered by ZDM

Mar 31, 2026

Updated: affectedVersions, severity, tags

Mar 31, 2026

Patch Available

Mar 31, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated affected versions to include 1.9.11 and 2.0.2, changed severity to HIGH, and noted that no exploit is available.

affectedVersionsseveritytags

via VulDB

v17h ago

Initial creation