CVE-2026-42387
Received Received - Intake
Recursor Denial of Service via ZoneToCache Input Validation

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Open-Xchange

Description
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-42387
EUVD
EUVD-2026-39357
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when a malicious authoritative server sends a specially crafted zone via the ZoneToCache function. Due to insufficient input validation in this function, the Recursor crashes.

Impact Analysis

The impact of this vulnerability is a denial of service condition caused by the crash of the Recursor component. This means that the affected service may become unavailable or unstable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42387. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart