CVE Catalog

CVE-2026-54588

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

Poweradmin is a web-based DNS administration tool that in versions prior to 4.2.4 and 4.3.3 uses the attacker-controlled `HTTP_HOST` request header to build callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An attacker can exploit this vulnerability to take over the victim's account.

Risk Assessment

Organizations using vulnerable versions of Poweradmin are at risk of account takeover without needing the user's credentials, potentially leading to serious security breaches.

Recommendation

It is recommended to update Poweradmin to versions 4.2.4 or 4.3.3 to patch this vulnerability and secure the authentication processes.

Original NVD description (English source)

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS