CVE-2026-40011

Publié : 25 juin 2026

Modifié : 25 juin 2026

Score CVSS

3.7

LOW

Description détaillée

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Références et Patchs

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

Dernières Vulnérabilités

CVE-2026-6432

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

VOIR DÉTAILS

CVE-2026-57588

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

VOIR DÉTAILS

CVE-2026-57587

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

VOIR DÉTAILS