Vulnerabilities ›

CVE-2026-33609

Medium

CWE-90 — Weakness Type

                    Published: Apr 22, 2026                      ·  Modified: Apr 25, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

🤖 AI Executive Summary

CVE-2026-33609 is an LDAP injection vulnerability in systems with 8bit-dns enabled that allows incomplete escaping of queries, enabling unauthorized access to internal domain subtrees. Attackers can exploit this to enumerate and query sensitive directory information without proper authorization.

📄 Description (Arabic)

هذه الثغرة تسمح للمستخدمين بتنفيذ استعلامات LDAP غير مصرح بها على الأشجار الفرعية للمجال الداخلي عند تفعيل 8bit-dns. يمكن للمهاجمين استغلال عدم اكتمال آلية تجنب الأحرف للوصول إلى معلومات الدليل الحساسة.

🤖 ملخص تنفيذي (AI)

This vulnerability affects LDAP query processing when 8bit-dns is enabled, allowing attackers to bypass query escaping mechanisms and access internal domain information. Organizations using LDAP directories are at risk of unauthorized information disclosure through crafted queries.

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 09:45

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom healthcare

🎯 MITRE ATT&CK Techniques

T1087 T1526 T1087.002

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Disable 8bit-dns if not required for operations; apply vendor security patches immediately; implement strict input validation and LDAP query parameterization; enforce principle of least privilege for LDAP service accounts; monitor LDAP query logs for suspicious patterns; conduct security audit of LDAP configurations.

🔧 خطوات المعالجة (العربية)

تعطيل 8bit-dns إذا لم يكن مطلوباً؛ تطبيق تصحيحات الأمان من المورد فوراً؛ تنفيذ التحقق الصارم من المدخلات وتحديد معاملات استعلامات LDAP؛ فرض مبدأ أقل صلاحية لحسابات خدمة LDAP؛ مراقبة سجلات استعلامات LDAP للأنماط المريبة؛ إجراء تدقيق أمني لتكوينات LDAP.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1 2.2 5.1

🔵 SAMA CSF

AC-2 AC-3 SI-10

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.14.2.1

🔗 References & Sources 1

🔗

https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-...

security@open-xchange.com

Broken Link Vendor Advisory

📦 Affected Products / CPE 2 entries

powerdns:authoritative

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-90

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-22

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-90

🏢 Vendor Advisories

🔗 https://docs.powerdns.com/authoritative/security-adv...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-33609

Introduce Yourself

Sign In Required