CVE-2026-40012 - Vulnerability Details - OpenCVE

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html

History

Thu, 25 Jun 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Thu, 25 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Thu, 25 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200

Thu, 25 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-524
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 25 Jun 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
Title		Information about ECS zero scoped answers might leak to clients that use a specific ECS
References		https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: OX

Published: 2026-06-25T12:58:51.987Z

Updated: 2026-06-25T14:41:00.796Z

Reserved: 2026-04-08T09:59:59.342Z

Link: CVE-2026-40012

Vulnrichment

Updated: 2026-06-25T14:40:52.251Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40012", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2026-04-08T09:59:59.342Z", "datePublished": "2026-06-25T12:58:51.987Z", "dateUpdated": "2026-06-25T14:41:00.796Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-06-25T12:58:51.987Z"}, "title": "Information about ECS zero scoped answers might leak to clients that use a specific ECS", "datePublic": "2026-06-24T22:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Resource to Wrong Sphere", "type": "CWE"}]}], "affected": [{"vendor": "PowerDNS", "product": "Recursor", "collectionURL": "https://repo.powerdns.com/", "packageName": "pdns-recursor", "repo": "https://github.com/PowerDNS/pdns", "modules": ["EDNS Client Subnet processing"], "programFiles": ["pdns_recursor.cc"], "versions": [{"status": "affected", "version": "5.2.0", "lessThan": "5.2.11", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.8", "versionType": "semver"}, {"status": "affected", "version": "5.4.0", "lessThan": "5.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;</p>"}]}], "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Danial Mahadzir", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-524", "lang": "en", "description": "CWE-524 Use of Cache Containing Sensitive Information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T14:40:29.990781Z", "id": "CVE-2026-40012", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T14:41:00.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T14:40:29.990781Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "CWE-524 Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T14:40:52.251Z"}}], "cna": {"title": "Information about ECS zero scoped answers might leak to clients that use a specific ECS", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Danial Mahadzir"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PowerDNS/pdns", "vendor": "PowerDNS", "modules": ["EDNS Client Subnet processing"], "product": "Recursor", "versions": [{"status": "affected", "version": "5.2.0", "lessThan": "5.2.11", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.8", "versionType": "semver"}, {"status": "affected", "version": "5.4.0", "lessThan": "5.4.3", "versionType": "semver"}], "packageName": "pdns-recursor", "programFiles": ["pdns_recursor.cc"], "collectionURL": "https://repo.powerdns.com/", "defaultStatus": "unaffected"}], "datePublic": "2026-06-24T22:00:00.000Z", "references": [{"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-08.html"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;", "supportingMedia": [{"type": "text/html", "value": "<p>ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2026-06-25T12:58:51.987Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40012", "state": "PUBLISHED", "dateUpdated": "2026-06-25T14:41:00.796Z", "dateReserved": "2026-04-08T09:59:59.342Z", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "datePublished": "2026-06-25T12:58:51.987Z", "assignerShortName": "OX"}, "dataVersion": "5.2"}