CVE-2026-0397 in PowerDNS DNSdistinformación

Resumen (Inglés)

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.

Reservar

2025-11-28

Divulgación

2026-03-31

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
354353PowerDNS DNSdist escalada de privilegios942No está definidoArreglo oficialCVE-2026-0397

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!