Join the Cyber Forum: Threat Intel on May 12, 2026 to learn how AI is reshaping threat defense.Join the Virtual Cyber Forum: Threat IntelRegister Now
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-33611

CVE-2026-33611: Authoritative Server DoS Vulnerability

CVE-2026-33611 is a denial of service flaw in Authoritative Server allowing REST API operators to corrupt LMDB databases through invalid HTTPS or SVCB records. This article covers technical details, impacts, and mitigations.

Published: April 23, 2026

CVE-2026-33611 Overview

CVE-2026-33611 is an Integer Overflow vulnerability affecting PowerDNS Authoritative Server. An operator with REST API access can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can subsequently lead to LMDB database corruption when using the LMDB backend.

Critical Impact

Authenticated attackers with REST API privileges can corrupt the LMDB database backend, potentially causing loss of data integrity and service availability for DNS operations.

Affected Products

  • PowerDNS Authoritative Server (versions using LMDB backend)
  • PowerDNS installations with REST API enabled
  • Systems utilizing HTTPS or SVCB DNS record types

Discovery Timeline

  • 2026-04-22 - CVE CVE-2026-33611 published to NVD
  • 2026-04-22 - Last updated in NVD database

Technical Details for CVE-2026-33611

Vulnerability Analysis

This vulnerability stems from CWE-190 (Integer Overflow or Wraparound) in the PowerDNS Authoritative Server's handling of HTTPS and SVCB record data through the REST API. When an authenticated operator submits specially crafted record data via the REST API, the server fails to properly validate numeric boundaries, resulting in an integer overflow condition.

The overflow causes the generation of invalid HTTPS or SVCB DNS record data. When this malformed data is written to the LMDB (Lightning Memory-Mapped Database) backend, it corrupts the database structure. LMDB is a memory-mapped B+ tree database that provides efficient read operations for DNS lookups, making corruption particularly impactful for DNS service availability.

The attack requires network access and high privileges (REST API operator credentials), but once those conditions are met, no user interaction is required to exploit the vulnerability. The impact is primarily on integrity and availability of the DNS service, with no direct confidentiality impact.

Root Cause

The root cause is an Integer Overflow (CWE-190) in the record data processing logic. When handling HTTPS or SVCB record parameters through the REST API, the server performs arithmetic operations on user-supplied values without adequate boundary checking. This allows numeric values to wrap around when they exceed the maximum representable value, producing unexpected and invalid record data that violates LMDB storage constraints.

Attack Vector

The attack is network-based and requires an authenticated operator with REST API access. The attacker submits malformed HTTPS or SVCB record data through the REST API endpoints, triggering the integer overflow condition during record processing. The corrupted data is then persisted to the LMDB backend, potentially rendering the DNS database unusable.

The vulnerability specifically targets the SVCB (Service Binding) and HTTPS record types, which are relatively newer DNS record types used for service discovery and HTTPS connection optimization. The attacker crafts parameter values designed to trigger integer overflow during the record serialization process.

Detection Methods for CVE-2026-33611

Indicators of Compromise

  • Unexpected LMDB database corruption errors in PowerDNS logs
  • Abnormal REST API requests containing malformed HTTPS or SVCB record data
  • Integer overflow-related error messages in server logs
  • DNS service failures following REST API administrative operations

Detection Strategies

  • Monitor PowerDNS REST API access logs for unusual HTTPS or SVCB record creation requests
  • Implement input validation alerts for record data with extreme numeric values
  • Set up LMDB database integrity monitoring with regular consistency checks
  • Configure alerting for REST API authentication from unexpected sources

Monitoring Recommendations

  • Enable detailed logging for all REST API operations on PowerDNS servers
  • Implement regular automated database integrity verification for LMDB backends
  • Monitor for service restarts or crashes following administrative API operations
  • Track REST API operator activity patterns for anomalous behavior

How to Mitigate CVE-2026-33611

Immediate Actions Required

  • Review and restrict REST API access to trusted operators only
  • Audit current REST API operator accounts and remove unnecessary privileges
  • Implement network-level controls to limit REST API access to authorized management networks
  • Create verified backups of LMDB databases before applying any patches

Patch Information

Refer to the PowerDNS Security Advisory for official patch information and updated software versions. Organizations should apply vendor-provided patches as soon as they become available after appropriate testing.

Workarounds

  • Disable REST API access if not required for operations
  • Implement strict network segmentation for REST API management interfaces
  • Consider using alternative database backends (non-LMDB) if available and appropriate for your environment
  • Apply additional input validation at the network perimeter for API requests

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechN/A
  • SeverityMEDIUM
  • CVSS Score6.5
  • EPSS Probability0.01%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-190
  • Technical References
  • PowerDNS Security Advisory
  • Latest CVEs
  • CVE-2025-49454: TinySalt Path Traversal Vulnerability
  • CVE-2025-48261: MultiVendorX Information Disclosure Flaw
  • CVE-2025-32119: CardGate WooCommerce SQL Injection Flaw
  • CVE-2025-26879: s2Member Plugin Reflected XSS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English