CVE Catalog

CVE-2026-40011

Low · CVSS 3.7

Summary

An attacker sending a large number of crafted DNS queries might be able to trigger the insertion of a dynamic block with a value that causes invalid output to be produced in the Prometheus endpoint. The Prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

Risk Assessment

The risk is a disruption in DNS infrastructure monitoring, as the Prometheus scraper rejects data from the endpoint, potentially delaying detection of other issues.

Recommendation

Limit the number of DNS queries accepted from a single source, and monitor the correctness of the data served by the Prometheus endpoint so that anomalies are detected quickly.

Original NVD description (English source)

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS