CVE-2026-41237 in Froxlorinfo

Summary

by MITRE • 06/04/2026

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0` has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Version 2.3.7 contains an updated patch.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

GitHub M

Reservation

04/18/2026

Disclosure

06/04/2026

Moderation

accepted

Entry

VDB-368404

CPE

ready

CWE

CWE-74 (confirmed)

CVSS

6.3 (VulDB)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41237
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41237
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41237/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!