CVE-2026-33611

Description

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

How to fix CVE-2026-33611

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Debian/pdns—no fix listed

Is CVE-2026-33611 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2026-33611