CVE-2026-40011
LowCVSS 3.7Summary
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
Risk Assessment
The risk is a disruption in DNS infrastructure monitoring, as the Prometheus scraper rejects data from the endpoint, potentially delaying detection of other issues.
Recommendation
It is recommended to limit the number of DNS queries from a single source and implement monitoring of data correctness from the Prometheus endpoint to quickly detect anomalies.
Original NVD description (English source)
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

