CVE-2026-42000 PowerDNS CVE debrief

Who should care

Operators and administrators of authoritative DNS infrastructure, especially environments that expose AXFR to secondary servers or other trusted peers, should review this issue and compare their deployments against the referenced PowerDNS advisory.

Technical summary

The source data describes a validation weakness during AXFR, with NVD assigning CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N (6.8). That combination suggests a network-reachable issue that may require specific conditions, and whose primary risk is integrity impact rather than confidentiality or availability. The corpus does not include the advisory body itself, so affected versions, exact failure mode, and remediation details should be confirmed in the linked vendor notice.

Defensive priority

Medium. Confirm whether your authoritative DNS deployment is affected, then prioritize vendor guidance and patching because the issue can affect integrity through network-accessible AXFR handling.

Recommended defensive actions

• Open and review the linked PowerDNS advisory to confirm affected products and versions.
• Apply the vendor-recommended update or mitigation as soon as it is validated for your environment.
• Restrict AXFR to explicitly trusted secondary DNS servers and verify access-control settings.
• Audit authoritative DNS configurations for unintended zone-transfer exposure.
• Monitor DNS logs for unusual AXFR activity or unexpected transfer requests.
• Test changes in a staging environment before rollout to avoid disrupting name resolution.

Evidence notes

Evidence in the supplied corpus is limited to the NVD record, which cites a PowerDNS security advisory as the reference source. The title and CVSS vector support a network-reachable DNS integrity issue, but the corpus does not include the advisory text, affected versions, or a confirmed product mapping. Vendor attribution is therefore provisional.

Official resources