CVE-2026-45557

Description

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0.

CVSS v3.1 Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS — Exploit Prediction

0.0005

Probability of exploitation

0.15%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-405 CWE-405

CWE-406 CWE-406

CWE-770 CWE-770

References

Other References

https://github.com/TechnitiumSoftware/DnsServer/blo/master/CHANGELOG.md#version-150 https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-138-02.json https://www.cve.org/CVERecord?id=CVE-2026-45557

Frequently Asked Questions

What is CVE-2026-45557? +

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0. It has a CVSS v3.1 base score of 5.8 (MEDIUM).

How severe is CVE-2026-45557? +

CVE-2026-45557 has a CVSS v3.1 score of 5.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0005, placing it in the 0th percentile for exploitation probability.

How do I check if I'm vulnerable to CVE-2026-45557? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-53633 9.8

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a …

CVE-2024-56200 8.6

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image …

CVE-2025-42874 7.9

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on …

CVE-2025-66564 7.5

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a …

CVE-2025-66506 7.5

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, …

CVE-2025-22166 7.5

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial …