CVE-2026-47693
Deferred Deferred - Pending Action

CSV Injection in Poweradmin Log Export

Vulnerability report for CVE-2026-47693, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data β€” specifically the username field β€” is written to exported CSV files without sanitizing formula trigger characters (=, +, -, @). When an administrator exports activity logs and opens the resulting CSV in a spreadsheet application (Microsoft Excel, LibreOffice Calc, Google Sheets), any formula stored in a username is executed by the application. This can be used for phishing attacks against administrators or data exfiltration. Versions 4.2.4 and 4.3.3 patch the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-24
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-14
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
poweradmin poweradmin to 4.2.4|end_excluding=4.3.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1236 The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Poweradmin, a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 have a CSV Injection (Formula Injection) issue in the log export functionality. Specifically, user-controlled data in the username field is written to exported CSV files without sanitizing characters that trigger formulas (=, +, -, @). When an administrator exports activity logs and opens the CSV file in spreadsheet applications like Microsoft Excel, LibreOffice Calc, or Google Sheets, any malicious formula embedded in the username is executed.

This can be exploited to perform phishing attacks against administrators or to exfiltrate data.

Impact Analysis

The vulnerability can lead to execution of malicious formulas when exported CSV files are opened by administrators in spreadsheet applications. This can result in phishing attacks targeting administrators or unauthorized data exfiltration.

Because the vulnerability involves executing arbitrary formulas, it can compromise the confidentiality and integrity of data managed through Poweradmin.

Detection Guidance

This vulnerability involves CSV Injection in the log export functionality of Poweradmin versions prior to 4.2.4 and 4.3.3, specifically through the username field in exported CSV files.

Detection can focus on examining exported CSV log files for the presence of formula trigger characters (=, +, -, @) at the start of username fields, which could indicate potential injection.

Since no specific commands or detection tools are provided in the available information, a manual inspection or custom script to scan exported CSV files for usernames starting with these characters can be used.

Mitigation Strategies

The immediate mitigation step is to upgrade Poweradmin to version 4.2.4 or 4.3.3, where this CSV Injection vulnerability has been patched.

Additionally, avoid opening exported CSV log files directly in spreadsheet applications without sanitizing or validating the username fields to prevent execution of malicious formulas.

Compliance Impact

The vulnerability allows user-controlled data to be executed as formulas in exported CSV files, potentially leading to phishing attacks or data exfiltration when administrators open these files. This could result in unauthorized disclosure or manipulation of sensitive information.

Such unauthorized data exposure or manipulation may impact compliance with standards and regulations like GDPR or HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

However, the provided information does not explicitly detail the compliance implications or specific regulatory impacts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47693. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart