CVE-2026-40209 – Denial of service via IXFR queries

CVE ID :CVE-2026-40209

Published : June 25, 2026, 12:23 p.m. | 1 hour, 21 minutes ago

Description :An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…