CVE-2026-54588
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
Poweradmin is a web-based DNS administration tool that in versions prior to 4.2.4 and 4.3.3 uses the attacker-controlled `HTTP_HOST` request header to build callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An attacker can exploit this vulnerability to take over the victim's account.
Risk Assessment
Organizations using vulnerable versions of Poweradmin are at risk of account takeover without needing the user's credentials, potentially leading to serious security breaches.
Recommendation
It is recommended to update Poweradmin to versions 4.2.4 or 4.3.3 to patch this vulnerability and secure the authentication processes.
Original NVD description (English source)
Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An unauthenticated attacker can poison the `redirect_uri` sent to the Identity Provider, causing the IdP to redirect the victim's authorization code to an attacker-controlled server - resulting in full account takeover with no credentials required. Versions 4.2.4 and 4.3.3 patch the issue.

