CVE-2026-0396
Received Received - Intake
HTML Injection via DNS Queries in DNSdist Dynamic Rules Dashboard

Publication date: 2026-03-31

Last updated on: 2026-04-13

Assigner: Open-Xchange

Description
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0396
EUVD
EUVD-2026-17361
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
powerdns dnsdist From 1.9.0 (inc) to 1.9.12 (exc)
powerdns dnsdist From 2.0.0 (inc) to 2.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0396 is an HTML injection vulnerability in the PowerDNS DNSdist internal web dashboard.

It occurs when an attacker sends specially crafted DNS queries that trigger domain-based dynamic rules enabled via the DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI functions.

This allows the attacker to inject arbitrary HTML content into the internal web dashboard.

The vulnerability affects DNSdist versions from 1.9.0 to 1.9.11 and 2.0.0 to 2.0.2, with versions 1.9.12 and 2.0.3 being unaffected.

Impact Analysis

The impact of this vulnerability is low, with a CVSS 3.1 score of 3.1.

It allows an attacker to inject HTML content into the internal web dashboard, which could lead to low integrity issues.

There is no impact on confidentiality or availability, and no risk of system compromise.

Exploitation requires network access, high attack complexity, no privileges, and user interaction.

Detection Guidance

This vulnerability involves injection of HTML content into the internal web dashboard by sending specially crafted DNS queries to a DNSdist instance with domain-based dynamic rules enabled. Detection would involve monitoring DNS queries for unusual or crafted patterns targeting the DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI functions.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The recommended immediate mitigation step is to upgrade DNSdist to version 1.9.12, 2.0.3, or later, as these versions are not affected by the vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0396. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart