CVE-2026-0396 in PowerDNS DNSdistinfo

Summary

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

Reservation

11/28/2025

Disclosure

03/31/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354373	PowerDNS DNSdist DynBlockRulesGroup:setSuffixMatchRuleFFI injection	74	Not defined	Official fix	CVE-2026-0396

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!