CVE-2026-45557 Technitium CVE debrief

Who should care

Administrators and operators running Technitium DNS Server, especially systems that resolve external or attacker-controlled domains and environments that rely on DNSSEC validation.

Technical summary

According to the supplied NVD description, vulnerable Technitium DNS Server instances over-aggressively attempt to fetch missing RRSIG records or DNSKEY records that do not match. Because the behavior can be triggered by a domain under attacker control, the resolver may repeatedly generate outbound DNS traffic and consume network resources. The issue is scored as medium severity and is fixed in Technitium DNS Server 15.0.

Defensive priority

Medium priority. Patch promptly if you run Technitium DNS Server, especially on resolvers exposed to untrusted DNS queries or high-volume DNSSEC traffic.

Recommended defensive actions

• Upgrade Technitium DNS Server to version 15.0 or later.
• Verify every deployed instance is on the fixed version, including backups, replicas, and container images.
• Monitor for unusual outbound DNS traffic or repeated lookups involving RRSIG and DNSKEY records.
• Review logs for patterns of repeated DNSSEC-related retries that could indicate exposure to this issue.
• If immediate patching is not possible, reduce exposure by limiting untrusted query sources and closely watching resolver resource usage.

Evidence notes

This debrief is based on the supplied NVD record and its reference metadata. The record states that CVE-2026-45557 was published on 2026-05-19, that NVD status was 'Awaiting Analysis' at capture time, and that the issue affects Technitium DNS Server with a fix in 15.0. The supplied corpus did not include the full text of the referenced changelog or CSAF file, so this summary relies on the NVD description and reference pointers only.

Official resources