CVE-2026-33599

· NIST NVD ↗

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.

LOW
CVSS severity
3.1
CVSS base score
2026-04-22
Published

CWE codes

CWE-125

Affected products

powerdns:dnsdist

Sources