{"id":"CVE-2026-42254","details":"Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.","aliases":["GHSA-83hf-93m4-rgwq"],"modified":"2026-07-08T08:13:15.832629979Z","published":"2026-04-26T02:38:41.261Z","database_specific":{"cwe_ids":["CWE-706"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42254.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42254.json"},{"type":"ADVISORY","url":"https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-83hf-93m4-rgwq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42254"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hickory-dns/hickory-dns","events":[{"introduced":"488961b8adc9a2e4310589a11d7cada1cd40d1fe"},{"fixed":"6317c5a1050505e2ec377acfd5dd4fd40450e6e6"}],"database_specific":{"source":["AFFECTED_FIELD","DESCRIPTION"],"extracted_events":[{"introduced":"0.1"},{"fixed":"0.26"},{"fixed":"0.25.2"}]}}],"versions":["v0.26.0-beta.4","v0.26.0-beta.3","v0.26.0-beta.2","v0.26.0-beta.1","v0.25.2","v0.26.0-alpha.1","v0.25.1","v0.25.0","v0.25.0-alpha.5","v0.25.0-alpha.4","v0.25.0-alpha.3","v0.25.0-alpha.2","v0.25.0-alpha.1","v0.24.0","v0.23.0","v0.23.0-alpha.5","v0.23.0-alpha.4","v0.23.0-alpha.3","v0.22.0","v0.23.0-alpha.2","v0.23.0-alpha.1","v0.21.2","v0.21.1","v0.21.0","v0.21.0-alpha.5","v0.21.0-alpha.4","v0.21.0-alpha.3","v0.21.0-alpha.2","v0.21.0-alpha.1","v0.20.1","v0.20.0","0.19.5","v0.20.0-alpha.3","v0.20.0-alpha.2","v0.20.0-alpha.1","0.18","0.18.0.alpha.2","r0.12_cs0.17","r0.11.1","cs0.16.1","r0.11","cs0.16","r0.10.0","cs0.15.0","v0.14.0","r0.9.0","r0.8.1","r0.8.0","v0.13.0","r0.7.0","r0.6.0","c0.12.0","r0.5.0","resolver.0.4.0","0.11.0","0.10.5","0.10.4","0.10.3","0.10.2","0.10.1","0.10.0","0.9.3","0.9.2","0.9.1","0.9.0","0.8.1","0.8.0","0.7.0","0.6.0","0.5.3","0.5.1","0.5.0","0.4.0","0.3.1","0.2.1","0.2.0","0.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42254.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}]}