CVE-2026-0397 in DNSdistinformation

Résumé (Anglaise)

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

28/11/2025

Divulgation

31/03/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354353	PowerDNS DNSdist élévation de privilèges	942	Non défini	Correctif officiel	CVE-2026-0397

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!