{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-33611","assignerOrgId":"8ce71d90-2354-404b-a86e-bec2cc4e6981","state":"PUBLISHED","assignerShortName":"OX","dateReserved":"2026-03-23T12:58:38.267Z","datePublished":"2026-04-22T14:01:10.135Z","dateUpdated":"2026-04-22T14:24:57.121Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8ce71d90-2354-404b-a86e-bec2cc4e6981","shortName":"OX","dateUpdated":"2026-04-22T14:01:10.135Z"},"title":"Insufficient validation of HTTPS and SVCB records","datePublic":"2026-04-08T22:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","description":"Integer Overflow or Wraparound","type":"CWE"}]}],"affected":[{"vendor":"PowerDNS","product":"Authoritative","collectionURL":"https://repo.powerdns.com/","packageName":"pdns","repo":"https://github.com/PowerDNS/pdns","modules":["SVCB/ALPN parsing"],"programFiles":["dnswriter.cc","rcpgenerator.cc"],"versions":[{"status":"affected","version":"5.0.0","lessThan":"5.0.4","versionType":"semver"},{"status":"affected","version":"4.9.0","lessThan":"4.9.14","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.</p>"}]}],"references":[{"url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}}],"credits":[{"lang":"en","value":"Tibs","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-190","lang":"en","description":"CWE-190 Integer Overflow or Wraparound"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-22T14:24:04.530345Z","id":"CVE-2026-33611","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-22T14:24:57.121Z"}}]}}