CVE-2026-0396: HTML Injection via DNS Queries in DNSdist Dynamic Rules Dashboard
Status: Received - Intake

Publication date: 2026-03-31

Last updated on: 2026-04-13

Assigner: Open-Xchange

Description
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-31
EPSS evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor    Product  Version range
powerdns  dnsdist  1.9.0 (inclusive) to 1.9.12 (exclusive)
powerdns  dnsdist  2.0.0 (inclusive) to 2.0.3 (exclusive)
CWE
CWE-80: The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-0396 is an HTML injection vulnerability in the PowerDNS DNSdist internal web dashboard.

It occurs when an attacker sends specially crafted DNS queries that trigger domain-based dynamic rules enabled via the DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI functions.

This allows the attacker to inject arbitrary HTML content into the internal web dashboard.

The vulnerability affects DNSdist versions from 1.9.0 to 1.9.11 and 2.0.0 to 2.0.2, with versions 1.9.12 and 2.0.3 being unaffected.


How can this vulnerability impact me?

The impact of this vulnerability is low, with a CVSS v3.1 base score of 3.1.

It allows an attacker to inject HTML content into the internal web dashboard, which could lead to low integrity issues.

There is no impact on confidentiality or availability, and no risk of system compromise.

Exploitation requires network access, high attack complexity, no privileges, and user interaction.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves injection of HTML content into the internal web dashboard by sending specially crafted DNS queries to a DNSdist instance with domain-based dynamic rules enabled. Detection would involve monitoring DNS query names for HTML-like content (characters such as "<", ">", and "&") on instances where domain-based dynamic rules have been enabled via DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.

However, no specific detection commands or tools are provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate mitigation step is to upgrade DNSdist to version 1.9.12, 2.0.3, or later, as these versions are not affected by the vulnerability.
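As an added example (not code from the CVE record or from the DNSdist project), the script below checks a dnsdist version string against the affected ranges given in the CPE table, flags query names carrying HTML metacharacters in a constructed query log (the "timestamp client qname qtype" layout is an assumption, not dnsdist's real log format, and RFC 1035 \DDD escapes are decoded so an escaped "<" is still caught), and shows how a dashboard should escape a name before emitting it as HTML.

```python
import re
from html import escape

# Affected ranges from the CPE table: [inclusive, exclusive)
AFFECTED = [((1, 9, 0), (1, 9, 12)), ((2, 0, 0), (2, 0, 3))]

# Characters CWE-80 names as web-scripting metacharacters, plus quotes.
HTML_META = set('<>&"\'')

# RFC 1035 presentation-format escape: a backslash followed by three decimal digits.
_ESC = re.compile(r'\\(\d{3})')

# Constructed sample log lines (assumed layout: timestamp client qname qtype).
SAMPLE_LOG = """\
2026-03-31T10:00:01 192.0.2.10 www.example.com. A
2026-03-31T10:00:02 192.0.2.11 <b>evil</b>.example.net. A
2026-03-31T10:00:03 192.0.2.12 \\060img\\062.example.org. AAAA
2026-03-31T10:00:04 192.0.2.13 safe.example.org. MX
"""


def is_affected(version: str) -> bool:
    """True if a dnsdist version string falls inside an affected range."""
    v = tuple(int(p) for p in version.split('.')[:3])
    return any(lo <= v < hi for lo, hi in AFFECTED)


def decode_presentation(name: str) -> str:
    """Decode \\DDD escapes so that '\\060' becomes '<' before inspection."""
    return _ESC.sub(lambda m: chr(int(m.group(1))), name)


def suspicious_qnames(log_text: str) -> list[tuple[str, str]]:
    """Return (client, decoded qname) pairs whose qname contains HTML metacharacters."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, qname = parts[1], decode_presentation(parts[2])
        if HTML_META & set(qname):
            hits.append((client, qname))
    return hits


def render_qname(qname: str) -> str:
    """How a dashboard should emit a qname into HTML: decoded, then escaped."""
    return escape(decode_presentation(qname), quote=True)
```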


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

