CVE-2026-24029 — MEDIUM (6.5)

Q: How severe is CVE-2026-24029?

CVE-2026-24029 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-24029?

Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Dnsdist.

Vulnerability Description

When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Powerdns	Dnsdist	>= 1.9.0, < 1.9.12

Related Weaknesses (CWE)

CWE-863

References

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-0Vendor Advisory

FAQ

What is CVE-2026-24029?

CVE-2026-24029 is a vulnerability with a CVSS score of 6.5 (MEDIUM). When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send Do...

How severe is CVE-2026-24029?

CVE-2026-24029 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-24029?

Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Dnsdist.