CVE-2026-40719

EUVD-2026-22839
Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
mitreCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
maradnsmaradns
3.5.36
CNA
Debian logo
Debian Releases
Debian Product
Codename
maradns
bullseye
vulnerable
bullseye (security)
vulnerable
Common Weakness Enumeration
References
https://github.com/samboy/MaraDNS/security/advisories/GHSA-cfc6-vhrv-62cj
https://maradns.samiam.org/changelog.html
https://github.com/samboy/MaraDNS/security/advisories/GHSA-cfc6-vhrv-62cj