Nixpkgs security tracker

Untriaged

Permalink CVE-2026-42001

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 week, 2 days ago Activity log

Created suggestion 1 week, 2 days ago

Insufficient Validation of Autoprimary SOA Queries

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<4.9.15
<5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4
nixos-25.11 4.9.14
- nixos-25.11-small 4.9.14
- nixpkgs-25.11-darwin 4.9.14

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.1
- nixpkgs-unstable 5.4.1
- nixos-unstable-small 5.4.1
nixos-25.11 5.2.9
- nixos-25.11-small 5.2.9
- nixpkgs-25.11-darwin 5.2.9

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-42396

4.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 week, 2 days ago Activity log

Created suggestion 1 week, 2 days ago

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<4.9.15
<5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4
nixos-25.11 4.9.14
- nixos-25.11-small 4.9.14
- nixpkgs-25.11-darwin 4.9.14

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.1
- nixpkgs-unstable 5.4.1
- nixos-unstable-small 5.4.1
nixos-25.11 5.2.9
- nixos-25.11-small 5.2.9
- nixpkgs-25.11-darwin 5.2.9

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-42002

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 week, 2 days ago Activity log

Created suggestion 1 week, 2 days ago

Concurrency and locking defects in GSS-TSIG

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<4.9.15
<5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4
nixos-25.11 4.9.14
- nixos-25.11-small 4.9.14
- nixpkgs-25.11-darwin 4.9.14

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.1
- nixpkgs-unstable 5.4.1
- nixos-unstable-small 5.4.1
nixos-25.11 5.2.9
- nixos-25.11-small 5.2.9
- nixpkgs-25.11-darwin 5.2.9

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-42000

6.8 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 1 week, 2 days ago Activity log

Created suggestion 1 week, 2 days ago

Insufficient Validation of Names During AXFR

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<5.0.5
<4.9.15

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4
nixos-25.11 4.9.14
- nixos-25.11-small 4.9.14
- nixpkgs-25.11-darwin 4.9.14

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.1
- nixpkgs-unstable 5.4.1
- nixos-unstable-small 5.4.1
nixos-25.11 5.2.9
- nixos-25.11-small 5.2.9
- nixpkgs-25.11-darwin 5.2.9

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-41999

4.8 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 1 week, 2 days ago Activity log

Created suggestion 1 week, 2 days ago

Incorrect Behaviour of Views with TCP PROXY Requests

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<5.0.5

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.4
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.0.4
nixos-25.11 4.9.14
- nixos-25.11-small 4.9.14
- nixpkgs-25.11-darwin 4.9.14

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.1
- nixpkgs-unstable 5.4.1
- nixos-unstable-small 5.4.1
nixos-25.11 5.2.9
- nixos-25.11-small 5.2.9
- nixpkgs-25.11-darwin 5.2.9

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-33261

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Null pointer accces in aggressive NSEC(3) cache

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

References

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerd…

Affected products

pdns-recursor

<5.4.1
<5.2.9
<5.3.6

Matching in nixpkgs

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@jtrees Joshua Trees <me@jtrees.io>

Untriaged

Permalink CVE-2026-33260

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

References

Affected products

pdns

<4.9.14
<5.0.4

dnsdist

<2.0.4
<1.9.13

pdns-recursor

<5.4.1
<5.2.9
<5.3.6

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.3
- nixpkgs-unstable 5.0.3
- nixos-unstable-small 5.0.3
nixos-25.11 4.9.8
- nixos-25.11-small 4.9.8
- nixpkgs-25.11-darwin 4.9.8

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.dnsdist

DNS Loadbalancer

nixos-unstable 2.0.3
- nixpkgs-unstable 2.0.3
- nixos-unstable-small 2.0.3
nixos-25.11 1.9.12
- nixos-25.11-small 1.9.12
- nixpkgs-25.11-darwin 1.9.12

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-components.namecheapdns

Open source home automation that puts local control and privacy first

nixos-unstable 2026.4.3
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.3

Package maintainers

@jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@NickCao Nick Cao <nickcao@nichi.co>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@jtrees Joshua Trees <me@jtrees.io>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-33611

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Insufficient validation of HTTPS and SVCB records

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<4.9.14
<5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.3
- nixpkgs-unstable 5.0.3
- nixos-unstable-small 5.0.3
nixos-25.11 4.9.8
- nixos-25.11-small 4.9.8
- nixpkgs-25.11-darwin 4.9.8

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-components.namecheapdns

Open source home automation that puts local control and privacy first

nixos-unstable 2026.4.3
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-33262

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Insufficient validation of cookie reply

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.

References

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerd…

Affected products

pdns-recursor

<5.4.1
<5.2.9
<5.3.6

Matching in nixpkgs

pkgs.rotp

Open-source modernization of the 1993 classic "Master of Orion", written in Java

nixos-unstable 1.04
- nixpkgs-unstable 1.04
- nixos-unstable-small 1.04
nixos-25.11 1.04
- nixos-25.11-small 1.04
- nixpkgs-25.11-darwin 1.04

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@jtrees Joshua Trees <me@jtrees.io>

Untriaged

Permalink CVE-2026-33610

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

Possible file descriptor exhaustion in forward-dnsupdate

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.

References

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-p…

Affected products

pdns

<4.9.14
<5.0.4

Matching in nixpkgs

pkgs.pdns

Authoritative DNS server

nixos-unstable 5.0.3
- nixpkgs-unstable 5.0.3
- nixos-unstable-small 5.0.3
nixos-25.11 4.9.8
- nixos-25.11-small 4.9.8
- nixpkgs-25.11-darwin 4.9.8

pkgs.pdnsd

Permanent DNS caching

nixos-unstable 1.2.9a-par
- nixpkgs-unstable 1.2.9a-par
- nixos-unstable-small 1.2.9a-par
nixos-25.11 1.2.9a-par
- nixos-25.11-small 1.2.9a-par
- nixpkgs-25.11-darwin 1.2.9a-par

pkgs.pdnsgrep

Search tool for PowerDNS logs

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.pdns-recursor

Recursive DNS server

nixos-unstable 5.4.0
- nixpkgs-unstable 5.4.0
- nixos-unstable-small 5.4.0
nixos-25.11 5.2.8
- nixos-25.11-small 5.2.8
- nixpkgs-25.11-darwin 5.2.8

pkgs.home-assistant-component-tests.namecheapdns

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-components.namecheapdns

Open source home automation that puts local control and privacy first

nixos-unstable 2026.4.3
- nixpkgs-unstable 2026.4.2
- nixos-unstable-small 2026.4.3

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@rwxd rwxd <git@rwxd.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.rotp

pkgs.pdns-recursor

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.rotp

pkgs.pdnsd

pkgs.dnsdist

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

pkgs.tests.home-assistant-components.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pdns

pkgs.pdnsd

pkgs.pdnsgrep

pkgs.pdns-recursor

pkgs.home-assistant-component-tests.namecheapdns

pkgs.tests.home-assistant-components.namecheapdns

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.rotp

pkgs.pdns-recursor

Package maintainers