CVE-2026-40208
Deferred
Deferred - Pending Action
DoH3 GET Query Processing Delay via Invalid DATA Frame
Vulnerability report for CVE-2026-40208, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-25
Last updated on: 2026-06-25
Assigner: Open-Xchange
Description
Description
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | dnsdist | to 2.0.6 (inc) |
| powerdns | dnsdist | 1.9.15 |
| powerdns | dnsdist | 2.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-705 | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |