CVE-2026-40011
Deferred Deferred - Pending Action
Prometheus Endpoint Rejection via Malicious DNS Queries

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Open-Xchange

Description
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-40011
EUVD
EUVD-2026-39346
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open-xchange prometheus *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an attacker sending a large number of specially crafted DNS queries that can cause a dynamic block to be inserted with a value that produces invalid output in the prometheus endpoint.

As a result, the prometheus endpoint will be rejected by the scraper until the dynamic block expires.

Impact Analysis

The impact of this vulnerability is that the prometheus endpoint may become temporarily unavailable to the scraper due to the invalid output caused by the dynamic block.

This could lead to a loss of monitoring data or metrics collection until the dynamic block expires and normal operation resumes.

Detection Guidance

This vulnerability involves an attacker sending a large number of crafted DNS queries that cause invalid output in the prometheus endpoint, which is then rejected by the scraper until the dynamic block expires.

Detection can focus on monitoring unusual spikes or patterns of DNS queries that might trigger the dynamic block insertion.

Additionally, monitoring the prometheus endpoint for invalid output or repeated rejections by the scraper can indicate exploitation attempts.

Specific commands or tools to detect this vulnerability are not provided in the available information.

Mitigation Strategies

The provided information does not specify immediate mitigation steps or remediation actions for this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40011. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart