CVE-2026-40012EXPLOITEDPATCHED

broadcom · symantec endpoint security (ses)

Information about ECS zero scoped answers might leak to clients that use a specific ECS

Description

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

Affected Products

Vendor	Product	Versions
broadcom	symantec endpoint security (ses)	5.2.0, 5.3.0, 5.4.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
debian	debian linux	cert_advisory	90%
open source	powerdns	cert_advisory	90%

References

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html

Related News (3 articles)

Tier B

BSI Advisories1d ago

[NEU] [hoch] PowerDNS: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

oss-security2d ago

PowerDNS Security Advisory 2026-08 for PowerDNS Recursor: Multiple issues

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-40012 | PowerDNS Recursor up to 5.2.10/5.3.7/5.4.2 Configuration information disclosure

→ No new info (linked only)

CVSS 3.15.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.2.115.3.85.4.3

PublishedJun 25, 2026

Last enriched2d agov2

Trending Score55

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-44838EXP

RabbitMQ MQTT Topic Permission Authorization Bypass

Trending: 12

HIGHCVE-2026-41708EXP

Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

Trending: 12

NONECVE-2026-11626

Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

Trending: 6

CRITICALPRE-CVEEXP

Multiple Critical Vulnerabilities in VMware Tanzu Products

Trending: 2

NONECVE-2026-11815

Insecure Deserialization via MITM in Layer 7 Policy Manager

Trending: 2

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 25, 2026

Discovered by ZDM

Jun 25, 2026

Updated: affectedVersions, severity, activelyExploited, cweIds

Jun 25, 2026

Actively Exploited

Jun 25, 2026

Patch Available

Jun 25, 2026

Version History

Last enriched 2d ago

v2Tier C2d ago

Updated affected versions to include 5.2.10, 5.3.7, and 5.4.2, changed severity to HIGH, and noted that no exploit is available.

affectedVersionsseverityactivelyExploitedcweIds

via VulDB

v12d ago

Initial creation