CVE-2026-52690
MediumCVSS 5.9Summary
The vulnerability allows spoofing replies to a Recursor, which may mark an IP address of an authoritative server as not supporting EDNS. As a result, validation of DNSSEC records served by that server may fail.
Risk Assessment
The risk involves potential disruption of DNSSEC validation, which may lead to incorrect rejection of valid DNS responses or acceptance of forged ones, compromising the integrity and authenticity of name resolution.
Recommendation
It is recommended to update the Recursor software to a version that includes a fix eliminating the possibility of spoofing EDNS responses. Consider also implementing additional DNS response authentication mechanisms, such as DNSSEC.
Original NVD description (English source)
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

