CVE-2026-40209
MediumCVSS 5.3Summary
An attacker can send IXFR queries, causing outgoing TCP connections to the backend to be stuck until a timeout occurs instead of being released immediately. This could lead to a denial of service (DoS) if there is a limit on concurrent connections or if file descriptors are exhausted.
Risk Assessment
The risk involves potential exhaustion of connection limits or file descriptors, making the service unavailable to other users.
Recommendation
It is recommended to update the software to a patched version and monitor the number of active TCP connections to the backend.
Original NVD description (English source)
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.

