CVE-2026-33256
Unrestricted Memory Allocation in Open-Xchange Web Server Causes DoS
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Open-Xchange
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | recursor | From 5.2.0 (inc) to 5.2.9 (exc) |
| powerdns | recursor | From 5.3.0 (inc) to 5.3.6 (exc) |
| powerdns | recursor | 5.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker to send a specially crafted web request to the internal web server that triggers unlimited memory allocation. This excessive memory consumption can cause the server to become unresponsive or crash, resulting in a denial of service condition.
It is important to note that the internal web server is disabled by default, which may reduce the likelihood of exploitation.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker exploiting this issue can cause the internal web server to consume unlimited memory, potentially leading to system instability or crashes.
Since the internal web server is disabled by default, the risk depends on whether it has been enabled in your environment.
What immediate steps should I take to mitigate this vulnerability?
The internal web server is disabled by default, so ensuring it remains disabled is an immediate mitigation step.
Avoid enabling the internal web server unless necessary, as it is vulnerable to an attacker sending web requests that cause unlimited memory allocation leading to denial of service.