CVE-2026-33262
Received
Received - Intake
Null Pointer Dereference in Open-Xchange Replies Causes DoS
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: Open-Xchange
Description
Description
An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | recursor | From 5.2.0 (inc) to 5.2.9 (exc) |
| powerdns | recursor | From 5.3.0 (inc) to 5.3.6 (exc) |
| powerdns | recursor | 5.4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when an attacker sends replies that cause a null pointer dereference due to a missing consistency check in the software. This flaw leads to a denial of service condition.
Additionally, cookies are disabled by default, which may be relevant to the context of the vulnerability.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS), which means that an attacker can cause the affected system or application to crash or become unavailable by exploiting the null pointer dereference.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70